Belkin Wireless Router Web Management Multiple Session Authentication Bypass

2005-11-15T08:33:38
ID OSVDB:20877
Type osvdb
Reporter Andrei Mikhailovsky (mlists@arhont.com)
Modified 2005-11-15T08:33:38

Description

Vulnerability Description

Belkin Wireless Router contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered when a legitimate administrator is logged in. While that session is active, an attacker can browse and change the router configuration through the web interface. This flaw may lead to a loss of confidentiality.

Technical Description

The flaw is exploitable only while a legitimate user is logged on to the web management interface at the time of the attack.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://www.belkin.com
Secunia Advisory ID: 17601
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-11/0219.html
Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=113209977115233&w=2
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0489.html
ISS X-Force ID: 23059
FrSIRT Advisory: ADV-2005-2453
CVE-2005-3802
Bugtraq ID: 15444