A | B | C | D | E | F | G | H | I | J | K | L | M | N | |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Device Name | Manufacturer | Type (Router/ AP /Bridge...) | Firmware-Version | WPS enabled by default? | Vulnerable (yes/no) | Tool (Version) | Average time for penetration *without* providing the PIN | WPS can be disabled (and it stays off!) | Comments/Notes | tested by | PIN | This database is intended as an educational resource for users interested in IT-Security. I did not find the vulnerability, that honor goes to Stefan Viehböck and Craig Heffner. | |
2 | MI424-WR Rev.E | Actiontec | Router | 20.19.8 | No | No | None | n/a | WPS "functionality" is not enabled currently | This is the type of router that is used for Verizon FIOS and it appears to me at least that despite there being a button for WPS on the outside of the box, Actiontec says in the user manual: "Although the WPS button is included on the FiOS Router, WPS functionality will not be enabled until a future firmware release. The button is included so that WPS can be activated at a later date without having to physically change the FiOS Router. The GUI does not include the WPS option." | 00:1F:90 | ajdowns | ||
3 | WLAN 1421 | Alice/Hansenet | Wlan Router | 1.0.16 | No | Yes | Reaver | Yes | I did a quick check. Seems to be vulnerable. But with some kind of rate limit maybe. Every second try fails. | |||||
4 | AirPort Extreme | Apple | Router | 7.5.2 | No | No | n/a | n/a | Yes, see comments | Apple seems to use the internal PIN Method, not external PIN. | 60:33:4B | jagermo | ||
5 | Vodafone Easybox 602 | Arcadyan | Router/Modem | 20.02.022 | Yes | No | Reaver 1.3 | Yes | 0:23:08 | Do we have more information about this? WPS PIN is enabled, but device is not vulnerable? Why? | ||||
6 | Vodafone EasyBox 802 | Arcadyan | Router/Modem | 4/20/0207 | Yes | Maybe | Reaver 1.3, WPScrack | Yes | The Router brings a Message after 10 failed logins: Warnung: Bedingt durch zu viele Fehlversuche, nimmt ihre EasyBox keine WPS PIN Registrierung von externen Teilnehmern mehr entgegen. Bitte setzten diesen WPS PIN durch einem neue zu generierenden WPS PIN Code wieder zuruck. Translation: Device locks after ten wrong attempts, user needs to create a new WPS PIN code | 0:26:04 | ||||
7 | Speedport W 504V Typ A | Arcadyan | Router | unkown | Yes | Yes | Reaver 1.4 r122 | 1 sek | yes | 00:1D:19 | 12345670 | |||
8 | EasyBox 803 | Arcadyan Technology Corporation | Router | 30.05.211 (01.07.2011-10:36:41) | Yes | Yes | Reaver 1.3 | [user reports untested, so his 3sec value here removed] | yes (not testet maybe its already ative after switching to off!) | i think there is an interesting thing between easyboxes and speedport AP's some esyboxe's use a standard key begins with spXXXXXXXXXXXXX with a 13 char length numeric key! (also some speedport aps use such a key but there is a nice script to get them with the hexdecimal mac of the target ap! [wardiving wiki!!!] that will work for a lot of speedport models ... ) Have nice day CriticalCore | 00:15:AF | CriticalCore | ||
9 | RT-N16 | ASUS | Router | 1.0.2.3 | Yes | Yes | Reaver 1.3 | 1176 seconds | Yes | bc:ae:c5 | ||||
10 | RT-N10 | ASUS | Router | 1.0.0.8 | Yes | Yes | Reaver 1.3 | 2 seconds per attempt/3.5 hours to crack | Yes | Reece Arnott | ||||
11 | N13U v1&v2 | ASUS | Router | 2/1/2012 | No | No | Reaver 1.3 | 10min | Yes | ASUS N13U uses only PBC WPS configuration method . WPS is switched off automatically after two minutes . Tested on ASUS N13U v1 and v2 using latest firmwares | hA1d3R | |||
12 | Fritz!box 7390 | AVM | Router | 84.05.05 | No | No | will follow soon | will follow soon | Yes | I found this list at work and thought I can provide you with some information of my router. I filled out the parts I know and will check the clear field this evening: - Is your device vulnerable against the WPS attack? * - Wich tool did you use? * - How long did it take you? | FireFly | Hi Firefly, thanks - to fill in the missing informations, just re-do the form. | ||
13 | Fritz!Box 7240 | AVM | Router | 73.05.05 | No | No | wpscrack, Reaver 1.2 | uncrackable | yes | 00:24:FE | ||||
14 | FritzBox7390 | AVM | Router | ALL | No | No | Reaver 1.3 | uncrackable | Yes | You have to activate WPS manually. I's deactivated after every successful wps connection and after 2 minutes. =>Not vulnerable because of very short time limit. | f.reddy | |||
15 | Fritz!Box WLAN 3370 | AVM | Router / Modem | 103.05.07 | No | No | N/A | N/A | Yes | I think all current AVM devices are save as WPS with pin isn't activated on default. | ||||
16 | n150 | Belkin | Router | Unknown | yes | yes | Reaver 1.2 | 12.5 hours | yes | |||||
17 | F9K1001v1 | Belkin | Router | F9K1001_WW_1.00.08 | Yes | Yes | Reaver 1.3 | 7765 seconds | Yes | |||||
18 | F6D6230-4 v1000 | Belkin | Router | 1.00.19 (Apr 22 2010) | Yes | Yes | Reaver 1.3 | 20 min | yes | No lockout, no delay needed. | 0:23:15 | |||
19 | F9K1001v1 (N150) | Belkin | Router | 1.0.08 | Yes | Yes | Reaver 1.3 | 41 minutes, 12 seconds | Yes | The F9K1001v1 is the same as the Belkin N150. I got lucky on the speed, the first 4 digits were found at 3.06% completion. | 08:86:3B | Nick | 21250491 | |
20 | F7D1301 v1 | Belkin | Router | 1.00.22 | Yes | Maybe | none | yes | didn't bother to test, but i assume it's vulnerable judging by the other Belkin routers that come with WPS enabled | 94:44:52 | beej | |||
21 | F7D2301 v1 | Belkin | Router | 1.00.16 (Jul 2 2010 14:36:56) | Yes | Yes | Reaver 1.3 | 1.9 Hours | Yes | 94:44:52 | 93645348 | |||
22 | F9K1105 v1 | Belkin | router | 1.00.03 (Jul 4 2011) | Yes | Yes | Reaver 1.3 | 3hours | yes | |||||
23 | F9K1001 v1 | Belkin | Router | 1.00.08 | Yes | Yes | Reaver 1.2 | 11.2 Hours | Yes | 8302441 | ||||
24 | 7800n | Billion | Router | 1.06d | No | Maybe | Reaver 1.3 | 14 hours | Yes | Only vulnerable when WPS is enabled. Even though I had my attack laptop in the same room as my router, it still took 14 hours to find the PIN. Disabling WPS is completely effective. | 00:04:ED | |||
25 | BiPAC 7404VGPX | Billion | AP | 6.23 | Yes | Yes | reaver 1.3 | 3hours | no | |||||
26 | WZR-HP-G300NH | Buffalo | Router | Unknown | Yes | Maybe | Reaver via Backtrack | Within 1 hour | Yes | With WPS turned off reaver did nothing. With WPS on reaver is looking for the pin. This routers was bought and being used in Japan. | ||||
27 | WZR-HP-AG300H | Buffalo | Access Piont | dd-wrt v24SP2-multi build 15940 | Yes | No | reaver 1.4 | No but it starts locked | WPS is enabled by default and I cannot turn it off. However, Reaver reports that the state is locked at first try. Beacon packets sometimes show WPS (and thus appear in walsh), and other time WPS is not in beacon packets and thus is not reported by walsh. So far I am unable to break wps with reaver even using the known PIN. I've never actually tested to see if wps even works properly in the first place however. | |||||
28 | Linksys E4200 v1 | Cisco | Router | 1.0.03 (Build 14) | yes | yes | Reaver 1.2 | 1 second / attempt, no anti-flooding / blocking / delay | no | WPS LED blinking continuously during attack. Vulnerable with latest firmware, no way to disable WPS -> epic fail! Anonymous user 9308: I've also noticed that across 2 different linksys devices (don't have them on me now) the default WPS pin of 12345670 was the result of 2.5 and 6 hours cracking | ||||
29 | Valet M10 | Cisco | Router | 2.0.01 | Yes | Yes | Reaver 1.2 | 5 hours | NO | A newer firmware is available (2.0.03), but the changes were fairly trivial according to the release notes. | ||||
30 | Linksys E4200 | Cisco | Router | 1.0.0.3 | Yes | Yes | Reaver | 4h | NO | Feedback by security@cisco.com "Issue has been identified and being worked on by product engineering. There is no ETA of a firmware release. Please continue to check support web page for the E4200v1. If you have E4200v2 you can use the auto firmware update to see if there is a new firmware update." | ||||
31 | Linksys E3200 v1 | Cisco | Router | 1.0.02 | Yes | Yes | Reaver 1.3 & r58 | 24h | No | With 1.3, use the --ignore-locks option. With r58 and over, use --lock-delay 60. The router has a 60 seconds cycle with 3 PINs. I was lucky it went as fast, it could've taken a lot longer. | 58:6D:8F | Socapex | ||
32 | WRVS4400N | Cisco | Router | 1/1/2013 | No | No | none | not available | ||||||
33 | UC320W | Cisco | Unified Communications | Current Version | yes | yes | Reported by Cisco: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps | Cisco | ||||||
34 | WAP4410N | Cisco | Access Point | Current Version | Yes | Yes | Reported by Cisco: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps | Cisco | ||||||
35 | RV110W | Cisco | Router | Current Version | Yes | Yes | Reported by Cisco: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps | Cisco | ||||||
36 | RV120W | Cisco | Router | Current Version | Yes | Yes | Reported by Cisco: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps | Cisco | ||||||
37 | SRP521W | Cisco | Router | Current Version | Yes | Yes | Reported by Cisco: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps | Cisco | ||||||
38 | SRP526W | Cisco | Router | Current Version | Yes | Yes | Reported by Cisco: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps | Cisco | ||||||
39 | SRP527W | Cisco | Router | Current Version | Yes | Yes | Reported by Cisco: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps | Cisco | ||||||
40 | SRP541W | Cisco | Router | Current Version | Yes | Yes | Reported by Cisco: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps | Cisco | ||||||
41 | SRP546W | Cisco | Router | Current Version | Yes | Yes | Reported by Cisco: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps | Cisco | ||||||
42 | SRP547W | Cisco | Router | Current Version | Yes | Yes | Reported by Cisco: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps | Cisco | ||||||
43 | WRP400 | Cisco | Router | Current Version | Yes | Yes | Reported by Cisco: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps | Cisco | ||||||
44 | Linksys E1000 | Cisco | Router | 2.1.00 build 7Sep 21, 2010 | Yes | Yes | Reaver 1.4 | 7/6/2012 | No | Took aound 6.7hrs to recover the WPS Pin | C0:C1:C0 | aBs0lut3z33r0 | ||
45 | Lynksis E3200 v1 | Cisco | Router | 1.0.03 | Yes | Yes | Reaver 1.4 | No | As stated by Cisco for firmware 1.0.03: - Added Enabled/Disabled feature for Wi-Fi Protected Setup in the web configuration - Added WPS lockdown feature Not true, still works great :) There is no new WPS lockdown, still 60s/3 pins. Anyone else can confirm this? | 58:6D:8F | Socapex | |||
46 | WRT320N | Cisco Linksys | Router | unknown | Yes | Maybe | Reaver 1.4 | n/a | unknown | Reaver constantly outputs 'WPS transaction failed (code: 0x2)', indicating an "Unexpected timeout or EAP failure". | ||||
47 | WRT610N | Cisco-Linksys | Router | 2.00.01.15 | Yes | Yes | Reaver 1.4 | 24 hours | Not Sure | Chaos | 12215676 | |||
48 | DIR-825 | D-Link | Router | 2.02EU | Yes | Yes | reaver | 5h | Yes | 00:18:e7:fb | ||||
49 | DIR-615 | D-Link | Router | 4,1 | Yes | Yes | Reaver-1.1 | ca. 1h 45min | Yes | |||||
50 | DIR-855 | D-Link | Router | 1.23EU | Yes | Maybe | Reaver 1.3 | user reported 5 minute timeout on failed registration, unknown inducement threshold | yes | |||||
51 | DIR-655 vB1 | D-Link | Router | 2.00NA | Yes | Maybe | Wifi Analyzer (Android) v3.0.2 | Yes | 5C:D9:98 | Can be user-generated | ||||
52 | DIR-300 (HV - B1) | D-Link | Router | 5/2/2012 | Yes | Yes | Reaver 1.3 | 4 Days | yes - can be completely deabled | Nsol | ||||
53 | DIR-300 | D-Link | Router | "2.05" | Yes | Yes | Reaver 1.3 | 4 Days | yes | Nsol | ||||
54 | DIR-655 A3 | D-Link | Router | 1.22b5 | Yes | Yes | Reaver 1.3 | 4.5hrs | Yes | Device ships with WPS enabled; I normally keep disabled; older 1.22b5 firmware since more stable. Allows you to specify a different WPS PIN; When enabled took approx 4.5 hrs to recover WPS pin and WPA2 password; Router constantly re-boots (approx every 30-50 PIN attempts) during this period and was also subjected to a denial of service. Reaver continues to try pins when router recovers using -L option. Can adjust Reaver timing settings for better results. Reaver 1.3 on BackTrack 5R1. Reaver thinks router is rate limiting (it is actually crashing); restarting Reaver or using -L allowed Reaver to continue checking pins almost immediately or as soon as the router rebooted itself. | ||||
55 | DIR-300 | D-Link | Router | Current | Yes | Yes | yes | tested and reported by D-Link directly | D-Link | |||||
56 | DIR-457 | D-Link | Router | Current | Yes | Yes | Yes | tested and reported by D-Link directly | D-Link | |||||
57 | DIR-501 | D-Link | Router | Current | tested and reported by D-Link directly | D-Link | ||||||||
58 | DIR-600 | D-Link | Router | Current | Yes | Yes | Yes | tested and reported by D-Link directly | D-Link | |||||
59 | DIR-615 Rev D+ H | D-Link | Router | Current | Yes | Yes | Yes | tested and reported by D-Link directly | D-Link | |||||
60 | DIR-615 Rev. B | D-Link | Router | Current | Yes | Yes | yes | tested and reported by D-Link directly | D-Link | |||||
61 | DIR-635 Rev B | D-Link | Router | Current | Yes | Yes | yes | tested and reported by D-Link directly | D-Link | |||||
62 | DIR-645 | D-Link | Router | Current | Yes | Yes | Yes | tested and reported by D-Link directly | D-Link | |||||
63 | DIR-652 | D-Link | Router | Current | Yes | Yes | yes | tested and reported by D-Link directly | D-Link | |||||
64 | DIR-655 | D-Link | Router | Current | Yes | Yes | Yes | tested and reported by D-Link directly | D-Link | |||||
65 | DIR-657 | D-Link | Router | Current | Yes | Yes | Yes | tested and reported by D-Link directly | D-Link | |||||
66 | DIR-815 | D-Link | Router | Current | Yes | Yes | yes | tested and reported by D-Link directly | D-Link | |||||
67 | DIR-852 | D-Link | Router | Current | Yes | Yes | yes | tested and reported by D-Link directly | D-Link | |||||
68 | DIR-855 | D-Link | Router | Current | Yes | Yes | yes | tested and reported by D-Link directly | D-Link | |||||
69 | DAP-1360 | D-Link | Access Point | Current | Yes | Yes | yes | tested and reported by D-Link directly | D-Link | |||||
70 | DAP-1522 | D-Link | Access Point | Current | Yes | Yes | yes | tested and reported by D-Link directly | D-Link | |||||
71 | DIR-625 | D-Link | Router | 3,04 | Yes | Yes | Reaver 1.4 | 4 hours | Yes | Hardware version (very relevant for some D-Link devices): C2 This is the first device that I've successfully recovered the PIN from! | 00:1E:58 | |||
72 | DIR-615 | D-Link | Router | 2,23 | Yes | No | Reaver 1.3 | n/a | Yes | Hardware version B2. This device appears to enter a WPS "blocked" state after approximately 60 failed PIN attempts (consistently around 0.60% progress in Reaver). It does not unblock until a system reboot. | ||||
73 | DIR-628 | DLink | Router/access point | 11/1/2012 | Yes | Yes | reaver 1.3 | Didn't let it run | yes | I didn't bother letting reaver run until it cracked the PIN -- I just wanted to confirm that it was vulnerable, and that turning off WPS fixed it. Walsh listed it as vulnerable before turning off WPS, but not after. | ||||
74 | DWA125 with Ralink2870 / 3070 | Dlink | USB | 1 | No | No | Reaver 1.4 | i don't know | ||||||
75 | DWA125 with Ralink2870 / 3070 | Dlink | USB | 1 | No | No | Reaver 1.4 | i don't know | ||||||
76 | 3G-6200nL | Edimax | Router | 1.06b | No | No | N/A | N/A | Yes | Router has a Push Button to Enable WPS | Can you verify, that push button is the only method they are using? | |||
77 | ECB9500 | Engenius | Wireless Gigabit Client Bridge | 02.02.2009 | Yes | Yes | Reaver 1.3 > | 4 hours | Yes | More information about this can be found here: http://www.virtualistic.nl/archives/691 | virtualistic.nl | |||
78 | EchoLife HG521 | Huawei | Router | 1,02 | yes | yes | Reaver 1.1 | 5-6 hours | yes | TalkTalk ISP UK | ||||
79 | BtHomeHiub3 | Huawei | Router/ADSL | Unknown | Yes | Yes | Reaver 1.3 | 50 minutes | Unknown | Unknown | ||||
80 | E3000 | Linksys | Router | 1.0.04 | Yes | Maybe - see Comments | Reaver 1.3 | 24h | Yes | WPS lockdown after 20 attemps (power cycle needed). Testet with reaver -p "PIN" ->got WPA Key. =>not vurlnerable because of automatic lockdown. | 58:6D:8F:0A | f.reddy | 69382161 | more information about this router and the WPS-DoS: http://www.reddit.com/r/netsec/comments/nzvys/wps_brute_force_i_started_public_google_doc_so_we/c3domfn |
81 | WRT350N | Linksys | Router | 2.0.3 i think (newest!) | Yes | Maybe - see Comments | Reaver 1.3 | Yes | Reaver gives thousands of errormessages when I try to crack this type of AP. Tried several parameters... Strange WPS implementation!?!? | 00:1D:7E:AD | f.reddy | 66026402 | ||
82 | E2500 | Linksys | Router | 1.0.02 | Yes | Maybe | Reaver 1.3 | I stopped Reaver after 16 hrs with no success. See comments | No | I left Reaver running overnight, it was stuck in an error the next day after 16 hours. It kept trying to attempt to send a PIN, but every time it would return the error "[!] WARNING: Receive timeout occurred". The WPS LED on the back of the router is normally solid green; it starts to flash on and off during the attack, and when this error is hit the LED turns off and stays off. The only way to fix this is to unplug the router and plug it back in. I was only able to retrieve the pin after resetting the router a few times by unplugging/replugging it and restarting Reaver from where it left off. | 58:6D:8F | Nick | ||
83 | WRT120N | Linksys | Router | v1.0.01 | Yes | Yes | Reaver 1.3 | 4h | no | had to restart the router after 29%, because reaver stuck at the same pin and received timeouts | 00:25:9C | |||
84 | WRT160Nv2 | Linksys | Router | 2.0.03 | Yes | Yes | Reaver | 5 hours | no | |||||
85 | E1000 | Linksys | Router | unknown | Yes | Yes | Reaver 1.3 | 7h | No | 2 seconds/attempt - I let it run all night, had a few hiccups (timeout warnings), but psk was eventually found. | c0:c1:c0 | |||
86 | E1200 | Linksys | Router | 1.0.02 build 5 | Yes | Yes | Reaver 1.4 | 5 hrs, 20 mins | No | 2 secs/attempt; Never locked up EVER! | 58:6D:8F | Molito | ||
87 | E4200 | Linksys | Router | 1.0.02 build 13 May 24, 2011 | No | Yes | Reaver v1.3 | 4 hours | No, it doesn't appear to be | 58:6D:8F | txag | 47158382 | ||
88 | WRT54G2 | Linksys / Cisco | Router | unknown | Yes | Yes | Reaver | 6 hours | Yes, but not sure if it stays off | This information ist from this Arstechnica article http://arst.ch/s0i - filled in by jagermo - but it seems that Linksys does not have a standard-pin | Sean Gallagher | 8699183 | ||
89 | E4200 | Linksys / Cisco | Router | unknown | Yes | Yes | Reaver 1.3 - with PIN-Option | No, see comments | Confirmed that PIN-Method stays switched on, even if you turn WPS off in the management interface. This is really a problem. | jagermo | ||||
90 | WRT350Nv2.1 | Linksys / Cisco | Router | 2.00.20 | Yes | Maybe | Reaver 1.4 | No | Starts testing PINs and after 2 attempts I supose it lock you out. Testet with reaver -p "PIN" ->got WPA Key. | Inakiuy | ||||
91 | WAG160Nv2 | Linksys by Cisco | ADSL Modem Router, Wifi AP | 2.0.0.20 | Yes | Yes | Reaver 1.4 | 5.5 Hrs | No. Though the router's web portal has an option to not choose WPS, it still remains active. | It took about 1.5 seconds per attempt when the router was not doing any activity, took around 5 hrs for the first half of PIN and few mins for rest. The Linksys WAG160Nv2 router doesn't have any lock down and no option to disable WPS either. The Router didn't crash and the PIN was cracked on first attempt, though the mon0 interface on BT5r1 crashed. The Reaver was started again with earlier instance. When the router was active with couple of wired and wireless users with LAN and Internet activity, it took about 40 seconds per attempt. | @_Niranjan | |||
92 | WRT100 | Linksys-Cisco | Router | 1.0.05 | Yes | Yes | Reaver 1.4 | 76 minutes | No | cracked PIN was not the same as the PIN displayed in the router's security settings. looks like pin can be customized but there is also a default PIN hard coded into the router. | 00:1D:7E | |||
93 | WRT100 | Linksys-Cisco | Router | 1.0.05 | Yes | Yes | Reaver 1.4 | 76 minutes | No | cracked PIN was not the same as the PIN displayed in the router's security settings. looks like pin can be customized but there is also a default PIN hard coded into the router. | 00:1D:7E | |||
94 | NP800n | Netcomm | Wireless Router | 1.0.14 | Yes | Yes | Reaver 1.3 | 10 hours | yes | n/a | ISP rep | |||
95 | CG3100 | Netgear | Cable Modem (with built in Gateway/AP) | 3.9.21.9.mp1.V0028 | No | No | Reaver 1.2 | Yes | This device has support for WPS, turned off by default, and only through the Push-Button and Registrar PIN method (i.e. enter the Wireless Adapters PIN at the AP side, as opposed to enter the APs PIN at the Wireless Adapter side) | c4:3d:c7 | ||||
96 | CG3100D | NETGEAR | Cable/router | unknown | Yes | Yes | reaver svn rev. 52 | 5 hours | yes | Is a router provided by very popular ISP, at least in my country. Was tested with options: -r 5 -x 30 -w Signal was about -60 Sometimes reaver enters in a loop and tries the same PIN 10 or 15 times, but luckly continues as normal after these 10-15 tries. | gorilla.maguila@gmail.com | |||
97 | DGND3700 | Netgear | Modem/Router | V1.0.0.12_1.0.12 | Yes | Yes | Reaver 1.3 | Yes | Router has a timeout built in afet approx 20 attempts; using default delay (315 secs) will allow resume - but does significantly slow down the number of attempts/sec. | 20:4E:7F | I'm seeing something similar on the WNDR3700 | |||
98 | WNDR3700 | Netgear | Router | 1.0.7.98 | yes | yes, but.... see comments | Reaver 1.2 | Device locks after WPS Flodding, if you wait for like half an hour and use Reaver 1.3, you can resume the attack. Returns PIN, but WPA2-Passphrase is gibberish | ||||||
99 | DGN1000B | Netgear | Router | 1.00.45 | No | Maybe | WPScrack | is deactivated by default | WPS is only enabled for approx. 2 min when you use push 'n' connect to connect a new device to WLAN. | |||||
100 | MBRN3000 | NetGear | Router (ADSL + 3G) | 1.0.0.43_2.0.11WW | Yes | Yes | Reaver 1.3 | 3h | yes | dankwardo |