Belkin, Inc. Affected

Updated:  January 06, 2012

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Buffalo Inc Affected

Updated:  December 27, 2011

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cisco Systems, Inc. Affected

Updated:  January 30, 2012

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Additional information about affected devices can be found in the links below.

Vendor References

D-Link Systems, Inc. Affected

Notified:  December 05, 2011 Updated: December 27, 2011

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Linksys (A division of Cisco Systems) Affected

Notified:  December 05, 2011 Updated: January 30, 2012

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Additional information about affected devices can be found in the links below.

Vendor References

Netgear, Inc. Affected

Notified:  December 05, 2011 Updated: January 12, 2012

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Technicolor Affected

Updated:  February 09, 2012

Status

Affected

Vendor Statement

The vendor has provided the information found below.

Vendor Information

The vendor states that Technicolor products use an anti brute-force mechanism: after 5 retries, the access point is locked for 5 minutes. A penetration test performed by the vendor found that to exhaust every possible PIN would take around 189.44 hours (about 7.89 days). Technicolor will follow the WiFi Alliance (WFA) recommendation concerning the fix for this vulnerability to keep WFA certification for their devices. Technicolor will implement the following: Access point is locked after 10 faulty PIN code attempts. Then, the end-user resets the access point lock state via the GUI/CLI or a reboot of the access point. Customers should contact the vendor to inquiry when firmware updates will be available that include this feature. It is possible to disable WPS completely using the command line interface (when available) by issuing the following command: :wireless wps config state disabled

TP-Link Affected

Updated:  December 27, 2011

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ZyXEL Affected

Updated:  December 27, 2011

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.