PatchSiren cyber security CVE debrief
CVE-2016-10180 Dlink CVE debrief
CVE-2016-10180 describes a weak-randomness flaw in the D-Link DWR-932B router’s WPS PIN generation. The available record says the PIN generation is based on srand(time(0)) seeding, which makes the output predictable rather than sufficiently random. NVD classifies the issue as high severity and maps it to CWE-335, with related weakness references to CWE-330. For defenders, the main concern is that a predictable WPS PIN can undermine Wi-Fi enrollment controls on affected deployments. The NVD record lists vulnerable firmware for DWR-932B revb devices, and the supplied third-party advisory documents the technical issue. Because the supplied corpus does not include vendor remediation details, mitigation should focus on disabling WPS where possible, updating or replacing affected firmware, and reducing exposure of the router and its wireless management functions.
- Vendor: Dlink
- Product: CVE-2016-10180
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-01-30
- Original CVE updated: 2026-05-13
- Advisory published: 2017-01-30
- Advisory updated: 2026-05-13
Who should care
Owners, administrators, and support teams responsible for D-Link DWR-932B routers, especially environments that still use WPS for Wi-Fi onboarding or that expose the device to untrusted users.
Technical summary
The vulnerability is a predictable-seed random number generation problem in WPS PIN creation. According to the supplied sources, the D-Link DWR-932B router seeds PIN generation with srand(time(0)), which can make the resulting PIN guessable within a narrow time window. NVD lists the affected firmware CPE as dlink:dwr-932b_firmware:02.02eu:revb and classifies the weakness as CWE-335, with secondary references to CWE-330 and CWE-1241. The NVD CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
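The weakness class described above (CWE-335), shown as an added example that is not taken from the D-Link firmware or the referenced advisory. The PIN derivation (`rand() % 10^7` plus the standard WPS check digit) and the names `weak_pin` and `strong_pin` are assumptions for illustration; the weak form is a pure function of the clock value used as seed, while the hardened form draws from the kernel CSPRNG through `getrandom()`.

```c
/* Illustrative only: this derivation is an assumption, not DWR-932B firmware code. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <sys/random.h>   /* getrandom(), Linux/glibc */

/* WPS check digit computed over the first 7 digits of the PIN. */
unsigned wps_checksum(unsigned pin7) {
    unsigned accum = 0;
    while (pin7) {
        accum += 3 * (pin7 % 10); pin7 /= 10;
        accum += pin7 % 10;       pin7 /= 10;
    }
    return (10 - accum % 10) % 10;
}

int wps_pin_valid(unsigned pin8) { return wps_checksum(pin8 / 10) == pin8 % 10; }

/* Weak pattern (CWE-335): the PIN depends only on the seed, so the same
 * clock second always yields the same PIN, whatever the 10^7 PIN space. */
unsigned weak_pin(time_t seed) {
    srand((unsigned)seed);
    unsigned pin7 = (unsigned)rand() % 10000000u;
    return pin7 * 10 + wps_checksum(pin7);
}

/* Hardened pattern: kernel CSPRNG with rejection sampling to avoid modulo
 * bias. Returns 0 on success, -1 if no random bytes could be obtained. */
int strong_pin(unsigned *out) {
    const uint32_t limit = 4290000000u;  /* largest multiple of 10^7 below 2^32 */
    uint32_t r;
    do {
        if (getrandom(&r, sizeof r, 0) != (ssize_t)sizeof r) return -1;
    } while (r >= limit);
    *out = (r % 10000000u) * 10 + wps_checksum(r % 10000000u);
    return 0;
}

int main(void) {
    time_t now = time(NULL); unsigned p;
    printf("weak (same seed twice): %08u %08u\n", weak_pin(now), weak_pin(now));
    if (strong_pin(&p) == 0) printf("strong: %08u\n", p);
    return 0;
}
```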
Defensive priority
High for any exposed or actively used deployment. This is a network-reachable weakness in wireless access control, and predictable WPS PIN generation can significantly weaken the security of router onboarding and protected Wi-Fi access.
Recommended defensive actions
- Inventory D-Link DWR-932B devices and verify whether affected firmware is deployed.
- Disable WPS if it is not strictly required for operations.
- Apply vendor firmware updates if an affected build is still supported; otherwise plan replacement of unsupported hardware.
- Restrict router administration and wireless access to trusted networks and users.
- Review wireless onboarding procedures for unexpected enrollments or configuration changes.
- Treat the issue as high priority on any internet-exposed or consumer-managed deployment.
Evidence notes
The debrief is based on the supplied NVD record and linked third-party advisory only. The official NVD entry classifies the weakness as CWE-335 and provides the affected CPE plus the CVSS vector. The third-party advisory reference supplies the technical description that WPS PIN generation uses srand(time(0)). One listed SecurityFocus reference is marked as a broken link in the source metadata. No vendor patch guidance was included in the provided corpus.
Official resources
- CVE-2016-10180 CVE record (CVE.org)
- CVE-2016-10180 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: [email protected] - Broken Link, Third Party Advisory, VDB Entry
- Mitigation or vendor reference: [email protected] - Exploit, Technical Description, Third Party Advisory
CVE published: 2017-01-30. NVD record last modified: 2026-05-13. The supplied references indicate the technical weakness was documented in third-party material before CVE publication, but the dates here are the CVE publication and record-mg