CVE-2012-6371

LOW 3.3 / 10.0
Published: December 31, 2012 at 08:55 PM
Modified: April 11, 2025 at 12:51 AM
Source: cve@mitre.org

Vulnerability Description

The WPA2 implementation on the Belkin N900 F9K1104v1 router establishes a WPS PIN based on 6 digits of the LAN/WLAN MAC address, which makes it easier for remote attackers to obtain access to a Wi-Fi network by reading broadcast packets, a different vulnerability than CVE-2012-4366.

CVSS Metrics

Base Score
3.3
Severity
LOW
Vector String
AV:A/AC:L/Au:N/C:P/I:N/A:N

Weaknesses (CWE)

Source: nvd@nist.gov

AI Security Analysis

01 // Technical Summary

Belkin N900 F9K1104v1 routers are vulnerable to a security flaw that allows remote attackers to bypass WPA2 security and gain unauthorized access to the Wi-Fi network. The flaw is in the router's implementation of Wi-Fi Protected Setup (WPS): the WPS PIN is generated predictably from the device's MAC address, so attackers can easily brute-force it. This can lead to complete network compromise and data exfiltration.

02 // Vulnerability Mechanism

Step 1: Packet Capture: The attacker captures wireless packets broadcast by the target Belkin router. These packets contain the router's MAC address.

Step 2: MAC Address Extraction: The attacker extracts the last six digits of the router's LAN/WLAN MAC address from the captured packets.

Step 3: PIN Generation: The attacker uses the extracted MAC address digits to calculate the WPS PIN. The specific algorithm is not detailed in the CVE, but it is implied to be a direct mapping or a simple transformation of the MAC address digits.

Step 4: PIN Brute-Force (If Needed): If the PIN generation is not a direct mapping, the attacker may need to brute-force a small number of possible PIN combinations based on the MAC address digits.

Step 5: WPS Authentication: The attacker uses the calculated or brute-forced WPS PIN to authenticate to the router's Wi-Fi network, bypassing the WPA2 security.

03 // Deep Technical Analysis

The root cause of this vulnerability lies in the Belkin N900 F9K1104v1 router's flawed implementation of WPS. The router generates the WPS PIN using a predictable algorithm based on the last six digits of the LAN/WLAN MAC address. This predictable PIN generation significantly reduces the search space for attackers, making it trivial to brute-force the PIN using readily available tools. The vulnerability doesn't involve a buffer overflow or memory corruption, but rather a design flaw in the WPS implementation itself. The lack of proper entropy in the PIN generation allows for easy guessing.
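What the PIN generation described above lacks, shown as an added example (not code from Belkin or from this page): the seven free digits of a WPS PIN drawn from a CSPRNG rather than from the broadcast MAC address, with the standard WPS check digit appended. The function names are hypothetical.

```python
import secrets


def wps_checksum(first7: int) -> int:
    """Check digit for the first seven digits of an 8-digit WPS PIN.

    Digits are weighted 3,1,3,1,... starting from the rightmost of the
    seven; the check digit brings the weighted sum to a multiple of 10.
    """
    accum = 0
    n = first7
    while n:
        accum += 3 * (n % 10)
        n //= 10
        accum += n % 10
        n //= 10
    return (10 - accum % 10) % 10


def new_wps_pin() -> str:
    """Generate a PIN that is independent of any public device identifier.

    secrets.randbelow() uses the OS CSPRNG, so the seven free digits carry
    about 23 bits that an observer of the MAC address cannot reconstruct.
    """
    first7 = secrets.randbelow(10**7)
    return f"{first7:07d}{wps_checksum(first7)}"


def is_valid_wps_pin(pin: str) -> bool:
    """True if pin is eight ASCII digits with a correct check digit."""
    if len(pin) != 8 or not (pin.isascii() and pin.isdigit()):
        return False
    return wps_checksum(int(pin[:7])) == int(pin[7])


if __name__ == "__main__":
    pin = new_wps_pin()
    print(pin, is_valid_wps_pin(pin))
```

A random PIN only removes the predictability described here; it does not change the severity of any other WPS weakness.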
