< Knowledge Base

Are Vigor Routers affected by WPS PIN brute force vulnerability (VU#723755)?

Published On: Jan 29, 2016 

Products affected and solutions

DrayTek products running DrayOS (which is most products sold) as well as the products launched after 2013 never supported WPS Router/AP PinCode, therefore are not at risk from this vulnerability. Products which support WPS Router/AP PinCode method are shown below. However, the feature was removed in the firmware version shown below (and later firmware). To avoid the WPS vulnerability for these models, please update the firmware to the versions shown below or later. Through firmware upgrade, Router/AP PinCode feature will be disabled in the WPS section.

 

About WPS PIN brute force vulnerability

In 2011, a design flaw was found existed in Wi-Fi Protected Setup(WPS) specification for the Router/AP PinCode authentication, known as Wi-Fi Protected Setup (WPS) PIN brute force vulnerability (US-CERT VU#723755). This flaw reduces the attempts needed for the hackers to brute force the Router/AP PinCode to only 11,000 times, which makes the private network can be easily accessed. However, this vulnerability is only in the Router/AP PinCode method, Client PinCode or “Push Button” method is not affected and can continue to be used.

Was this helpful?     


Related Articles