Predictable WPA keys for Cisco EPC 2425 routers issued by UPC


UPC Cisco EPC 2425 Wireless Router

UPC Cisco EPC 2425 Wireless Router


The Cisco EPC 2425 routers supplied by UPC are vulnerable to an offline dictionary attack if the handshake is obtained by an attacker.


The WPA pass phrase has the following features:


  • Random
  • A to Z Uppercase only
  • 8 characters long
  • 208,827,064,576 possible combinations ( AAAAAAAA – ZZZZZZZZ ) 26^8


Due to the recent optimizations in cracking WPA-PSK handshakes with GPU cards, the above range ( AAAAAAAA to ZZZZZZZZ – 26^8 ) can be brute forced within 6 days at a rate of 400,000 keys per second.


We advise UPC  customers who are using the Cisco EPC 2425 routers to increase their WiFi security by changing their default pass phrase to a longer, more complex pass phrase.