CVE-2024-23726

Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:ubeeinteractive:ddw365_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ubeeinteractive:ddw365:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:58

Type Values Removed Values Added
References () https://github.com/actuator/cve/blob/main/Ubee/CWE-1392.md - Third Party Advisory () https://github.com/actuator/cve/blob/main/Ubee/CWE-1392.md - Third Party Advisory

29 Jan 2024, 15:25

Type Values Removed Values Added
CWE CWE-798
CPE cpe:2.3:h:ubeeinteractive:ddw365:-:*:*:*:*:*:*:*
cpe:2.3:o:ubeeinteractive:ddw365_firmware:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
First Time Ubeeinteractive
Ubeeinteractive ddw365 Firmware
Ubeeinteractive ddw365
References () https://github.com/actuator/cve/blob/main/Ubee/CWE-1392.md - () https://github.com/actuator/cve/blob/main/Ubee/CWE-1392.md - Third Party Advisory

24 Jan 2024, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-21 04:15

Updated : 2025-05-30 15:15


NVD link : CVE-2024-23726

Mitre link : CVE-2024-23726

CVE.ORG link : CVE-2024-23726


JSON object : View

Products Affected

ubeeinteractive

  • ddw365_firmware
  • ddw365
CWE
CWE-798

Use of Hard-coded Credentials