This was disclosed by the United States Computer Emergency Readiness Team (US-CERT), one of the national security agencies of the United States.
WPS is often used by network administrators to limit the number of users connected to a specific access point, usually is password protection.
Users typically live enter a specific number or letter, then if it matches the system will allow users enter and use the network, otherwise it will be rejected. "When the authentication fails, the access point will send back a message EAP-NACK to the client. The message is what can be used hackers to infiltrate," said Stefan Viehbock, one expert network of US-CERT.
It is said that the gap has been found in a number of products made by Netgear, D-Link, Buffalo and Linksys.