VDB

GCVE-110-CERTCC-2011-723755

GCVE-110-CERTCC-2011-723755
Advisory PublishedCVSS 9.3/10
Vulnetix · Advisory published December 27, 2011
The WiFi Protected Setup (WPS) PIN is susceptible to a brute force attack. A design flaw that exists in the WPS specification for the PIN authentication significantly reduces the time required to brute force the entire PIN because it allows an attacker to know when the first half of the 8 digit PIN is correct. The lack of a proper lock out policy after a certain number of failed attempts to guess the PIN on many wireless routers makes this brute force attack that much more feasible.

Risk Scores

CVSS 2.0
9.3/10
Critical · AV:N/AC:M/Au:N/C:C/I:C/A:C
certcc-cam
certcc-cam
impact14population12exploitation12widely_known20score_current17.8605ease_of_exploitation15
certcc-vrda
certcc-vrda
d1_impact3d1_population3d1_direct_report1
certcc-cvss-temporal-env
certcc-cvss-temporal-env
temporal_score9.3remediation_levelUreport_confidenceCenvironmental_score9.3environmental_vectorCDP:/TD:/CR:ND/IR:ND/AR:NDsecurity_requirements_arND

Browse GCVE Records

73,053 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›