• IDP Daily Update #1164
  posted: 05/09/08
  
• NSM Daily Update #1164
  posted: 05/09/08
  
• Deep Inspection 5.3r5 and above, 5.4, 6.0 #1164
  posted: 05/09/08
  
• Deep Inspection 5.1, 5.2, 5.3r4 and below #1155
  posted: 05/09/08
  
• Deep Inspection 5.0 #1132
  posted: 04/01/08
  
• Antivirus
  posted: 05/09/08

Text Size:        

• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Multiple Wireless Routers Predictable Default WEP/WPA Key Security Bypass Vulnerability

Severity: CRITICAL

Description:

Multiple wireless routers are prone to a vulnerability that can allow an attacker to predict their default WEP/WPA encryption keys.

Specifically, the algorithm to generate default SSID and encryption key values is based on a hash of the device's serial number.

Attackers can exploit this issue to bypass authentication to an affected device, which can allow them to completely compromise the device or to gain access to the private network.

The following products are vulnerable:

- Thomson SpeedTouch
- BT Home Hub

Affected Products:

• BT Home Hub
• Thomson SpeedTouch

References:

• BT: BT Home Hub
• GNUCITIZEN: Default key algorithm in Thomson and BT Home Hub routers
• Thomson Broadband: Thomson Homepage