{"api_version":"1","generated_at":"2026-04-23T09:40:17+00:00","cve":"CVE-2022-3681","urls":{"html":"https://cve.report/CVE-2022-3681","api":"https://cve.report/api/cve/CVE-2022-3681.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-3681","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-3681"},"summary":{"title":"CVE-2022-3681","description":"A vulnerability has been identified in the MR2600 router v1.0.18 and earlier that could allow an attacker within range of the wireless network to successfully brute force the WPS pin, potentially allowing them unauthorized access to a wireless network.","state":"PUBLIC","assigner":"psirt@lenovo.com","published_at":"2023-10-27 20:15:00","updated_at":"2023-11-07 19:41:00"},"problem_types":["CWE-287"],"metrics":[],"references":[{"url":"https://web.archive.org/web/20230317174952/https://help.motorolanetwork.com/hc/en-us/articles/9933302506523","name":"https://web.archive.org/web/20230317174952/https://help.motorolanetwork.com/hc/en-us/articles/9933302506523","refsource":"MISC","tags":[],"title":"MR2600 Pixiedust Vulnerability – Motorola Mentor","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-3681","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3681","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"3681","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"motorola","cpe5":"mr2600","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"3681","vulnerable":"1","versionEndIncluding":"1.0.18","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"motorola","cpe5":"mr2600","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-3681","ASSIGNER":"psirt@lenovo.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A vulnerability has been identified in the MR2600 router v1.0.18 and earlier that could allow an attacker within range of the wireless network to successfully brute force the WPS pin, potentially allowing them unauthorized access to a wireless network.\n "}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-287 Improper Authentication","cweId":"CWE-287"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Motorola","product":{"product_data":[{"product_name":"MR2600 Router","version":{"version_data":[{"version_affected":"<","version_name":" ","version_value":"v1.0.22"}]}}]}}]}},"references":{"reference_data":[{"url":"https://web.archive.org/web/20230317174952/https://help.motorolanetwork.com/hc/en-us/articles/9933302506523","refsource":"MISC","name":"https://web.archive.org/web/20230317174952/https://help.motorolanetwork.com/hc/en-us/articles/9933302506523"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"UNKNOWN"},"solution":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">Upgrade MR2600 router to Software Version v1.0.22.</span>\n\n<br>"}],"value":"Upgrade MR2600 router to Software Version v1.0.22.\n\n\n"}],"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}]}},"nvd":{"publishedDate":"2023-10-27 20:15:00","lastModifiedDate":"2023-11-07 19:41:00","problem_types":["CWE-287"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:motorola:mr2600:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.18","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:motorola:mr2600:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":null,"notes":[]}}}