OSVDB ID: 20877

Title: Belkin Wireless Router Web Management Multiple Session Authentication Bypass

Info

Disclosure

Nov 15, 2005

Discovery

Unknown

Dates

Exploit

Nov 15, 2005

Solution

Unknown

Description

Belkin Wireless Router contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a legitimate administrator is logged in. During the session an attacker can browse and change the router configuration through the web interface. This flaw may lead to a loss of confidentiality.

Classification

Location: Remote / Network Access, Wireless Vector
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Rumored

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Belkin Corporation	Wireless Router F5D7232-4	4.05.03
		4.03.03
	Wireless Router F5D7230-4	4.05.03
		4.03.03

References

Bugtraq ID: 15444
Secunia Advisory ID: 17601
CVE ID: 2005-3802 (see also: NVD)
ISS X-Force ID: 23059
VUPEN Advisory: ADV-2005-2453
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-11/0219.html
http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0489.html
http://marc.theaimsgroup.com/?l=bugtraq&m=113209977115233&w=2
Vendor URL: http://www.belkin.com

Credit

Andrei Mikhailovsky - mlistsarhont.com - Arhont Ltd.

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Belkin Corporation

Wireless Router F5D7232-4

Wireless Router F5D7230-4

References

Credit