This is an attachment to the blog post Wardriving 2024: Using Electricity Meter Readers to Get In. Vulnerability Metadata Vulnerability identifier: P1IB-LABAN-001 Summary: A wireless or adjacent network attacker can completely compromise the device, including extracting Pre-Shared Key (PSK) for the Wi-Fi SSID the device is connected to. CWE: CWE-862: Missing Authorization CVE: None CVSS: 9.9 / Critical CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/AU:Y/R:U/V:C/RE:M MITRE Submission The following information was submitted to the MITRE CNA-LR in CVE Request 1610270 for CVE ID Request the 24th of February 2024.

This is an attachment to the blog post Wardriving 2024: Using Electricity Meter Readers to Get In. Vulnerability Metadata Vulnerability identifier: P1IB-LABAN-002 Summary: Cross-Site Request Forgery. CWE: CWE-352: Cross-Site Request Forgery (CSRF) CVE: None. A CVE was requested from the MITRE CNA-LR without any response. CVSS: 9.3 / Critical CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/AU:Y/R:U MITRE Submission The following information was submitted to the MITRE CNA-LR in CVE Request 1610270 for CVE ID Request the 24th of February 2024.

This is an attachment to the blog post Wardriving 2024: Using Electricity Meter Readers to Get In. Vulnerability Metadata Vulnerability identifier: P1IB-LABAN-005 Summary: Password stored in plain text. CWE: CWE-256: Plaintext Storage of a Password CVE: None. A CVE was requested from the MITRE CNA-LR without any response. CVSS: 6.9 / Medium CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N MITRE Submission The following information was submitted to the MITRE CNA-LR in CVE Request 1610270 for CVE ID Request the 24th of February 2024.

This is an attachment to the blog post Wardriving 2024: Using Electricity Meter Readers to Get In. Vulnerability Metadata Vulnerability identifier: P1IB-LABAN-006 Summary: Credentials (password for admin interface, PSK for Wi-Fi, MQTT password) retrievable once set. CWE: CWE-522: Insufficiently Protected Credentials CVE: None. A CVE was requested from the MITRE CNA-LR without any response. CVSS: 6.3 / Medium CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N MITRE Submission The following information was submitted to the MITRE CNA-LR in CVE Request 1610270 for CVE ID Request the 24th of February 2024.

This is an attachment to the blog post Wardriving 2024: Using Electricity Meter Readers to Get In. Vulnerability Metadata Vulnerability identifier: P1IB-LABAN-008 Summary: Insecure defaults. CWE: CWE-1188: Initialization of a Resource with an Insecure Default CVE: None. A CVE was requested from the MITRE CNA-LR without any response. CVSS: 8.7 / High CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/R:U MITRE Submission The following information was submitted to the MITRE CNA-LR in CVE Request 1610270 for CVE ID Request the 24th of February 2024.

Maintenance banner on csn.se at the time of publication of this blog post, in Swedish. This is an attachment to the blog post about Brute-Forcing Borrowers’ PINs at the Swedish Board of Student Finance (CSN).

New design of the choose delivery method form in Swedish. This is an attachment to the blog post about Brute-Forcing Borrowers’ PINs at the Swedish Board of Student Finance (CSN).

New design of the order personal code form in Swedish. This is an attachment to the blog post about Brute-Forcing Borrowers’ PINs at the Swedish Board of Student Finance (CSN).

Original choose delivery method form in Swedish. This is an attachment to the blog post about Brute-Forcing Borrowers’ PINs at the Swedish Board of Student Finance (CSN).

Original incorrect PIN message in Swedish. This is an attachment to the blog post about Brute-Forcing Borrowers’ PINs at the Swedish Board of Student Finance (CSN).