Details of VAR-200511-0312

ID

VAR-200511-0312

CVE

CVE-2005-3802

TITLE

Belkin Wireless Router Remote Authentication Bypass Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200511-379

DESCRIPTION

Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03 and 4.05.03, when a legitimate administrator is logged into the web management interface, allow remote attackers to access the management interface without authentication. Certain Belkin wireless routers are susceptible to a remote authentication bypass vulnerability. This issue is due to a flaw in the Web administration interface authentication process. This issue allows remote attackers to gain administrative access to affected devices. Belkin F5D7232-4, and F5D7230-4 routers with firmware versions 4.05.03 and 4.03.03 are affected by this issue. Other devices may also be affected due to code reuse among devices. Belkin Corporation is a manufacturer of peripheral electronic products, and F5D7232-4 and F5D7230-4 are wireless routers produced by it. TITLE: Belkin Wireless G Router Web Management Authentication Bypass SECUNIA ADVISORY ID: SA17601 VERIFY ADVISORY: http://secunia.com/advisories/17601/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From local network OPERATING SYSTEM: Belkin Wireless G Router http://secunia.com/product/6130/ DESCRIPTION: Andrei Mikhailovsky has reported a vulnerability in Belkin Wireless G Router, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an access control error in the router's web-based management page. The vulnerability has been reported in models F5D7230-4 and F5D7232-4 using the latest firmware 4.03.03 and 4.05.03. SOLUTION: Restrict access to the web-based management page. PROVIDED AND/OR DISCOVERED BY: Andrei Mikhailovsky, Arhont Ltd. ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2005-3802 // BID: 15444 // VULHUB: VHN-15010 // PACKETSTORM: 41594

AFFECTED PRODUCTS

vendor:	belkin	model:	f5d7230-4	scope:	eq	version:	4.5.3	Trust: 1.6
vendor:	belkin	model:	f5d7230-4	scope:	eq	version:	4.3.3	Trust: 1.6
vendor:	belkin	model:	f5d7232-4	scope:	eq	version:	4.5.3	Trust: 1.6
vendor:	belkin	model:	f5d7232-4	scope:	eq	version:	4.3.3	Trust: 1.6
vendor:	belkin	model:	f5d7232-4	scope:	-	version:	-	Trust: 0.3
vendor:	belkin	model:	f5d7230-4	scope:	-	version:	-	Trust: 0.3

sources: BID: 15444 // NVD: CVE-2005-3802 // CNNVD: CNNVD-200511-379

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2005-3802
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200511-379
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-15010
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	TRUE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
VULHUB:	VHN-15010
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-15010 // NVD: CVE-2005-3802 // CNNVD: CNNVD-200511-379

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-3802

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200511-379

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200511-379

CONFIGURATIONS

sources: NVD: CVE-2005-3802

EXTERNAL IDS

db:	BID	id:	15444	Trust: 2.0
db:	SECUNIA	id:	17601	Trust: 1.8
db:	SREASON	id:	186	Trust: 1.7
db:	VUPEN	id:	ADV-2005-2453	Trust: 1.7
db:	NVD	id:	CVE-2005-3802	Trust: 1.7
db:	OSVDB	id:	20877	Trust: 1.7
db:	CNNVD	id:	CNNVD-200511-379	Trust: 0.7
db:	XF	id:	23059	Trust: 0.6
db:	BUGTRAQ	id:	20051115 AUTHENTICATION VULNERABILITY IN BELKIN WIRELESS DEVICES	Trust: 0.6
db:	FULLDISC	id:	20051115 AUTHENTICATION VULNERABILITY IN BELKIN WIRELESS DEVICES	Trust: 0.6
db:	VULHUB	id:	VHN-15010	Trust: 0.1
db:	PACKETSTORM	id:	41594	Trust: 0.1

sources: VULHUB: VHN-15010 // BID: 15444 // PACKETSTORM: 41594 // NVD: CVE-2005-3802 // CNNVD: CNNVD-200511-379

REFERENCES

url:	http://secunia.com/advisories/17601/	Trust: 1.8
url:	http://www.securityfocus.com/bid/15444/	Trust: 1.7
url:	http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0489.html	Trust: 1.7
url:	http://www.osvdb.org/20877	Trust: 1.7
url:	http://securityreason.com/securityalert/186	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2005/2453	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/23059	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=113209977115233&w=2	Trust: 1.0
url:	http://xforce.iss.net/xforce/xfdb/23059	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=113209977115233&w=2	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2005/2453	Trust: 0.6
url:	http://catalog.belkin.com/iwcatproductpage.process?merchant_id=&section_id=201522&pcount=&product_id=136493	Trust: 0.3
url:	/archive/1/416736	Trust: 0.3
url:	/archive/1/416884	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=113209977115233&w=2	Trust: 0.1
url:	http://secunia.com/product/6130/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-15010 // BID: 15444 // PACKETSTORM: 41594 // NVD: CVE-2005-3802 // CNNVD: CNNVD-200511-379

CREDITS

Andrei Mikhailovsky <mlists@arhont.com> discovered this vulnerability.

Trust: 0.9

sources: BID: 15444 // CNNVD: CNNVD-200511-379

SOURCES

db:	VULHUB	id:	VHN-15010
db:	BID	id:	15444
db:	PACKETSTORM	id:	41594
db:	NVD	id:	CVE-2005-3802
db:	CNNVD	id:	CNNVD-200511-379

LAST UPDATE DATE

2023-12-18T12:47:15.909000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-15010	date:	2017-07-12T00:00:00
db:	BID	id:	15444	date:	2005-11-15T00:00:00
db:	NVD	id:	CVE-2005-3802	date:	2017-07-12T01:29:01.863
db:	CNNVD	id:	CNNVD-200511-379	date:	2005-11-28T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-15010	date:	2005-11-24T00:00:00
db:	BID	id:	15444	date:	2005-11-15T00:00:00
db:	PACKETSTORM	id:	41594	date:	2005-11-19T21:56:12
db:	NVD	id:	CVE-2005-3802	date:	2005-11-24T11:03:00
db:	CNNVD	id:	CNNVD-200511-379	date:	2005-11-24T00:00:00