Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a "Hitron" substring, resulting in insufficient entropy (only about one million possibilities).
The default PSK key is created by concatenating the fixed string 'Hitron' with a 5-digit hexadecimal value. Such construction drastically limits the key space to approximately one million possibilities (CWE-331: insufficient entropy). An attacker, knowing the key generation scheme, can prepare a dictionary in advance or conduct a brute-force attack covering all possible combinations and guess the key in a relatively short time without any user interaction.
An attacker can obtain full unauthorized access to the Wi-Fi network protected by the default PSK key, enabling network traffic interception, access to connected devices, and further actions within the victim's local network.
The default Wi-Fi PSK key must be changed immediately to a strong, randomly generated password of appropriate length and entropy. Apply patches available from the manufacturer according to the references. Until firmware is updated, manual PSK key change through the device's administrative panel is recommended.
Hitron CODA-4582 and CODA-4589 devices using default, factory-set PSK keys (firmware versions indicated in the manufacturer's references).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HHitrontech Coda 4582u
HWHitrontechwszystkie wersjeHitrontech Coda 4582u Firmware
OSHitrontechwszystkie wersjeHitrontech Coda 4589
HWHitrontechwszystkie wersjeHitrontech Coda 4589 Firmware
OSHitrontechwszystkie wersje
Related vulnerabilities
Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name on the Wireless > Access Control > Add ...
Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning o...
It is identified a vulnerability of insufficient authentication in the system configuration interface of Hitro...
Hitron CHITA 7.2.2.0.3b6-CD devices contain a command injection vulnerability via the Device/DDNS ddnsUsername...
Hitron CODA-5310 has insufficient filtering for specific parameters in the connection test function. A remote ...