CVE-2023-40038
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Dec 27, 2023
Updated: Jan 4, 2024
CWE ID 287
Summary
CVE-2023-44038 exposes a vulnerability in Arris DG860A and DG1670A wireless devices. The issue lies in their use of predictable default WPA2 Pre-Shared Keys (PSKs), which are based on the first six characters of the SSID and the last six characters of the BSSID, with the last digit decremented. This vulnerability could potentially allow unauthorized remote access to affected networks. Users are strongly advised to change their default PSKs to secure and unique values to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- ARRIS