Details of VAR-200505-0999

ID

VAR-200505-0999

CVE

CVE-2005-1059

TITLE

Linksys WET11 Password Update Remote Authentication Bypass Vulnerability

Trust: 0.9

sources: BID: 13051 // CNNVD: CNNVD-200505-341

DESCRIPTION

Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html. A remote authentication bypass vulnerability affects Linksys WET11. This issue is due to a failure of the application to validate authentication credentials when processing password change requests. An attacker may leverage this issue to arbitrarily change the administration password of an affected device, facilitating a complete compromise of the device. ---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Linksys WET11 Password Change Security Bypass Vulnerability SECUNIA ADVISORY ID: SA14871 VERIFY ADVISORY: http://secunia.com/advisories/14871/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: >From local network OPERATING SYSTEM: Linksys WET11 http://secunia.com/product/645/ DESCRIPTION: Kristian Hermansen has reported a vulnerability in Linksys WET11, which can be exploited by malicious people to bypass certain security restrictions. This can be exploited to set a blank password and gain access to the device. Example: http://[victim]/changepw.html?data=........................ NOTE: In version 1.5.4, successful exploitation requires that a user has logged in recently. The vulnerability has been reported in version 1.5.4. Other versions may also be affected. SOLUTION: Restrict access to the administrative web interface. PROVIDED AND/OR DISCOVERED BY: Kristian Hermansen ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.44

sources: NVD: CVE-2005-1059 // BID: 13051 // VULHUB: VHN-12268 // VULMON: CVE-2005-1059 // PACKETSTORM: 36986

AFFECTED PRODUCTS

vendor:	linksys	model:	wet11	scope:	eq	version:	1.4.3	Trust: 1.6
vendor:	linksys	model:	wet11	scope:	eq	version:	1.5.4	Trust: 1.6
vendor:	linksys	model:	wet11	scope:	eq	version:	*	Trust: 1.0
vendor:	linksys	model:	wet11	scope:	-	version:	-	Trust: 0.6
vendor:	linksys	model:	wet11 wireless ethernet bridge	scope:	eq	version:	1.5.4	Trust: 0.3
vendor:	linksys	model:	wet11 wireless ethernet bridge	scope:	eq	version:	1.4.3	Trust: 0.3
vendor:	linksys	model:	wet11 wireless ethernet bridge	scope:	-	version:	-	Trust: 0.3

sources: BID: 13051 // CNNVD: CNNVD-200505-341 // NVD: CVE-2005-1059

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-1059
value:	LOW
Trust: 1.0
CNNVD:	CNNVD-200505-341
value:	LOW
Trust: 0.6
VULHUB:	VHN-12268
value:	LOW
Trust: 0.1
VULMON:	CVE-2005-1059
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2005-1059
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-12268
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-12268 // VULMON: CVE-2005-1059 // CNNVD: CNNVD-200505-341 // NVD: CVE-2005-1059

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-1059

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200505-341

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200505-341

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-12268 // VULMON: CVE-2005-1059

EXTERNAL IDS

db:	NVD	id:	CVE-2005-1059	Trust: 2.1
db:	BID	id:	13051	Trust: 2.1
db:	SECUNIA	id:	14871	Trust: 1.9
db:	CNNVD	id:	CNNVD-200505-341	Trust: 0.7
db:	XF	id:	20008	Trust: 0.6
db:	XF	id:	11	Trust: 0.6
db:	FULLDISC	id:	20050407 CISCO LINKSYS WET11 PASSWORD RESETTING VULNERABILITY	Trust: 0.6
db:	EXPLOIT-DB	id:	25359	Trust: 0.2
db:	SEEBUG	id:	SSVID-79022	Trust: 0.1
db:	VULHUB	id:	VHN-12268	Trust: 0.1
db:	VULMON	id:	CVE-2005-1059	Trust: 0.1
db:	PACKETSTORM	id:	36986	Trust: 0.1

sources: VULHUB: VHN-12268 // VULMON: CVE-2005-1059 // BID: 13051 // PACKETSTORM: 36986 // CNNVD: CNNVD-200505-341 // NVD: CVE-2005-1059

REFERENCES

url:	http://www.securityfocus.com/bid/13051	Trust: 1.9
url:	http://www.derkeiler.com/mailing-lists/full-disclosure/2005-04/0148.html	Trust: 1.8
url:	http://secunia.com/advisories/14871	Trust: 1.8
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/20008	Trust: 1.2
url:	http://xforce.iss.net/xforce/xfdb/20008	Trust: 0.6
url:	http://www.linksys.com/products/product.asp?grid=22&prid=432	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.exploit-db.com/exploits/25359/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/645/	Trust: 0.1
url:	http://secunia.com/secunia_vacancies/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://[victim]/changepw.html?data=........................	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/14871/	Trust: 0.1

sources: VULHUB: VHN-12268 // VULMON: CVE-2005-1059 // BID: 13051 // PACKETSTORM: 36986 // CNNVD: CNNVD-200505-341 // NVD: CVE-2005-1059

CREDITS

Kristian Hermansen <khermansen@ht-technology.com> is credited with the discovery of this issue.

Trust: 0.9

sources: BID: 13051 // CNNVD: CNNVD-200505-341

SOURCES

db:	VULHUB	id:	VHN-12268
db:	VULMON	id:	CVE-2005-1059
db:	BID	id:	13051
db:	PACKETSTORM	id:	36986
db:	CNNVD	id:	CNNVD-200505-341
db:	NVD	id:	CVE-2005-1059

LAST UPDATE DATE

2024-08-14T12:37:15.658000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-12268	date:	2017-07-11T00:00:00
db:	VULMON	id:	CVE-2005-1059	date:	2017-07-11T00:00:00
db:	BID	id:	13051	date:	2009-07-12T12:56:00
db:	CNNVD	id:	CNNVD-200505-341	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2005-1059	date:	2017-07-11T01:32:30.970

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-12268	date:	2005-05-02T00:00:00
db:	VULMON	id:	CVE-2005-1059	date:	2005-05-02T00:00:00
db:	BID	id:	13051	date:	2005-04-07T00:00:00
db:	PACKETSTORM	id:	36986	date:	2005-04-17T07:20:27
db:	CNNVD	id:	CNNVD-200505-341	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2005-1059	date:	2005-05-02T04:00:00