
Off the top of my head the only way to exploit this would be either by your ISP or the security services (via your ISP, or the router manufacturer).

Since WAN MAC addresses don't travel very far upstream (typically only to the local exchange), in order for someone to utilise that to generate a WPS key they would have to sit at the exchange (on your side of the connection) and do it.

The manufacturer might also store the WAN MAC addresses of each piece of equipment they produce (along with serial, etc.) and depending on the supply chain you purchased the router down or if you registered it, they could figure out your router's WAN/WPS PIN that way.

In general PIN-based WPS is a bad idea. Turn it off and do button WPS only. Or turn it on only as needed.




> WAN MAC addresses don't travel very far upstream

This doesn't matter, and it's addressed in the post. He mentions many devices actually do use the BSSID (which is sent in every wireless frame), and the WAN MAC is usually very close to the BSSID anyway so you can guess it in very few tries.


Fair enough. I missed that line.


Eh? Don't Wi-Fi networks typically broadcast their MACs? They're required for WPA2. On my AP the MAC on the WAN (eth0) interface is the same as the LAN (wlan0).


There are two MAC addresses. The WAN MAC address is used to talk to the router that it gets internet from; in this case your ISP's router is the only thing that sees it.

The LAN MAC address is what is broadcast.

But the article says that the two are just 1 off from each other on many routers, so knowing one, you can find the other.



