Attachment
Vulnerability P1IB-LABAN-001: Missing Authorization
This is an attachment to the blog post Wardriving 2024: Using Electricity Meter Readers to Get In.
Vulnerability Metadata
Vulnerability identifier: P1IB-LABAN-001
Summary: A wireless or adjacent network attacker can completely compromise the device, including extracting the Pre-Shared Key (PSK) for the Wi-Fi SSID the device is connected to.
CWE: CWE-862: Missing Authorization
CVE: None
CVSS: 9.9 / Critical CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/AU:Y/R:U/V:C/RE:M
MITRE Submission
The following information was submitted to the MITRE CNA-LR in CVE Request 1610270 for CVE ID Request on the 24th of February 2024.
Attachment
Vulnerability P1IB-LABAN-002: Cross-Site Request Forgery
This is an attachment to the blog post Wardriving 2024: Using Electricity Meter Readers to Get In.
Vulnerability Metadata
Vulnerability identifier: P1IB-LABAN-002
Summary: Cross-Site Request Forgery.
CWE: CWE-352: Cross-Site Request Forgery (CSRF)
CVE: None. A CVE was requested from the MITRE CNA-LR without any response.
CVSS: 9.3 / Critical CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/AU:Y/R:U
MITRE Submission
The following information was submitted to the MITRE CNA-LR in CVE Request 1610270 for CVE ID Request on the 24th of February 2024.
Attachment
Vulnerability P1IB-LABAN-005: Plaintext Storage of a Password
This is an attachment to the blog post Wardriving 2024: Using Electricity Meter Readers to Get In.
Vulnerability Metadata
Vulnerability identifier: P1IB-LABAN-005
Summary: Password stored in plain text.
CWE: CWE-256: Plaintext Storage of a Password
CVE: None. A CVE was requested from the MITRE CNA-LR without any response.
CVSS: 6.9 / Medium CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
MITRE Submission
The following information was submitted to the MITRE CNA-LR in CVE Request 1610270 for CVE ID Request on the 24th of February 2024.
Attachment
Vulnerability P1IB-LABAN-006: Insufficiently Protected Credentials
This is an attachment to the blog post Wardriving 2024: Using Electricity Meter Readers to Get In.
Vulnerability Metadata
Vulnerability identifier: P1IB-LABAN-006
Summary: Credentials (password for admin interface, PSK for Wi-Fi, MQTT password) are retrievable once set.
CWE: CWE-522: Insufficiently Protected Credentials
CVE: None. A CVE was requested from the MITRE CNA-LR without any response.
CVSS: 6.3 / Medium CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
MITRE Submission
The following information was submitted to the MITRE CNA-LR in CVE Request 1610270 for CVE ID Request on the 24th of February 2024.
Attachment
Vulnerability P1IB-LABAN-008: Insecure defaults
This is an attachment to the blog post Wardriving 2024: Using Electricity Meter Readers to Get In.
Vulnerability Metadata
Vulnerability identifier: P1IB-LABAN-008
Summary: Insecure defaults.
CWE: CWE-1188: Initialization of a Resource with an Insecure Default
CVE: None. A CVE was requested from the MITRE CNA-LR without any response.
CVSS: 8.7 / High CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/R:U
MITRE Submission
The following information was submitted to the MITRE CNA-LR in CVE Request 1610270 for CVE ID Request on the 24th of February 2024.
Attachment
CSN: Order PIN Maintenance Banner in Swedish
Maintenance banner on csn.se at the time of publication of this blog post, in Swedish. This is an attachment to the blog post about Brute-Forcing Borrowers’ PINs at the Swedish Board of Student Finance (CSN).
Attachment
CSN: New Choose Delivery Method Form in Swedish
New design of the choose delivery method form in Swedish. This is an attachment to the blog post about Brute-Forcing Borrowers’ PINs at the Swedish Board of Student Finance (CSN).
Attachment
CSN: New Order Personal Code Form in Swedish
New design of the order personal code form in Swedish. This is an attachment to the blog post about Brute-Forcing Borrowers’ PINs at the Swedish Board of Student Finance (CSN).
Attachment
CSN: Original Choose Delivery Method Form in Swedish
Original choose delivery method form in Swedish. This is an attachment to the blog post about Brute-Forcing Borrowers’ PINs at the Swedish Board of Student Finance (CSN).
Attachment
CSN: Original Incorrect PIN Message in Swedish
Original incorrect PIN message in Swedish. This is an attachment to the blog post about Brute-Forcing Borrowers’ PINs at the Swedish Board of Student Finance (CSN).