VAR-200505-0999
Vulnerability from variot - Updated: 2025-04-03 21:21
Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html. A remote authentication bypass vulnerability affects Linksys WET11. This issue is due to a failure of the application to validate authentication credentials when processing password change requests. An attacker may leverage this issue to arbitrarily change the administration password of an affected device, facilitating a complete compromise of the device.
TITLE: Linksys WET11 Password Change Security Bypass Vulnerability
SECUNIA ADVISORY ID: SA14871
VERIFY ADVISORY: http://secunia.com/advisories/14871/
CRITICAL: Moderately critical
IMPACT: Security Bypass
WHERE: From local network
OPERATING SYSTEM: Linksys WET11 http://secunia.com/product/645/
DESCRIPTION: Kristian Hermansen has reported a vulnerability in Linksys WET11, which can be exploited by malicious people to bypass certain security restrictions. This can be exploited to set a blank password and gain access to the device.
Example: http://[victim]/changepw.html?data=........................
NOTE: In version 1.5.4, successful exploitation requires that a user has logged in recently.
The vulnerability has been reported in version 1.5.4. Other versions may also be affected.
SOLUTION: Restrict access to the administrative web interface.
PROVIDED AND/OR DISCOVERED BY: Kristian Hermansen
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200505-0999",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wet11",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "1.4.3"
},
{
"model": "wet11",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "1.5.4"
},
{
"model": "wet11",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "*"
},
{
"model": "wet11",
"scope": null,
"trust": 0.6,
"vendor": "linksys",
"version": null
},
{
"model": "wet11 wireless ethernet bridge",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.5.4"
},
{
"model": "wet11 wireless ethernet bridge",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.4.3"
},
{
"model": "wet11 wireless ethernet bridge",
"scope": null,
"trust": 0.3,
"vendor": "linksys",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "13051"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-341"
},
{
"db": "NVD",
"id": "CVE-2005-1059"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kristian Hermansen \u003ckhermansen@ht-technology.com\u003e is credited with the discovery of this issue.",
"sources": [
{
"db": "BID",
"id": "13051"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-341"
}
],
"trust": 0.9
},
"cve": "CVE-2005-1059",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2005-1059",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-12268",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2005-1059",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-200505-341",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-12268",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2005-1059",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12268"
},
{
"db": "VULMON",
"id": "CVE-2005-1059"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-341"
},
{
"db": "NVD",
"id": "CVE-2005-1059"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html. A remote authentication bypass vulnerability affects Linksys WET11. This issue is due to a failure of the application to validate authentication credentials when processing password change requests. \nAn attacker may leverage this issue to arbitrarily change the administration password of an affected device, facilitating a complete compromise of the device. \n----------------------------------------------------------------------\n\nWant a new IT Security job?\n\nVacant positions at Secunia:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nLinksys WET11 Password Change Security Bypass Vulnerability\n\nSECUNIA ADVISORY ID:\nSA14871\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/14871/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nLinksys WET11\nhttp://secunia.com/product/645/\n\nDESCRIPTION:\nKristian Hermansen has reported a vulnerability in Linksys WET11,\nwhich can be exploited by malicious people to bypass certain security\nrestrictions. This can be\nexploited to set a blank password and gain access to the device. \n\nExample:\nhttp://[victim]/changepw.html?data=........................ \n\nNOTE: In version 1.5.4, successful exploitation requires that a user\nhas logged in recently. \n\nThe vulnerability has been reported in version 1.5.4. Other versions\nmay also be affected. \n\nSOLUTION:\nRestrict access to the administrative web interface. \n\nPROVIDED AND/OR DISCOVERED BY:\nKristian Hermansen\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1059"
},
{
"db": "BID",
"id": "13051"
},
{
"db": "VULHUB",
"id": "VHN-12268"
},
{
"db": "VULMON",
"id": "CVE-2005-1059"
},
{
"db": "PACKETSTORM",
"id": "36986"
}
],
"trust": 1.44
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-12268",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=25359",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12268"
},
{
"db": "VULMON",
"id": "CVE-2005-1059"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-1059",
"trust": 2.1
},
{
"db": "BID",
"id": "13051",
"trust": 2.1
},
{
"db": "SECUNIA",
"id": "14871",
"trust": 1.9
},
{
"db": "CNNVD",
"id": "CNNVD-200505-341",
"trust": 0.7
},
{
"db": "XF",
"id": "20008",
"trust": 0.6
},
{
"db": "XF",
"id": "11",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20050407 CISCO LINKSYS WET11 PASSWORD RESETTING VULNERABILITY",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "25359",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-79022",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-12268",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2005-1059",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "36986",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12268"
},
{
"db": "VULMON",
"id": "CVE-2005-1059"
},
{
"db": "BID",
"id": "13051"
},
{
"db": "PACKETSTORM",
"id": "36986"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-341"
},
{
"db": "NVD",
"id": "CVE-2005-1059"
}
]
},
"id": "VAR-200505-0999",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-12268"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T21:21:38.492000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1059"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/13051"
},
{
"trust": 1.8,
"url": "http://www.derkeiler.com/mailing-lists/full-disclosure/2005-04/0148.html"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/14871"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20008"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/20008"
},
{
"trust": 0.3,
"url": "http://www.linksys.com/products/product.asp?grid=22\u0026prid=432"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/25359/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/645/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://[victim]/changepw.html?data=........................"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/14871/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12268"
},
{
"db": "VULMON",
"id": "CVE-2005-1059"
},
{
"db": "BID",
"id": "13051"
},
{
"db": "PACKETSTORM",
"id": "36986"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-341"
},
{
"db": "NVD",
"id": "CVE-2005-1059"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-12268"
},
{
"db": "VULMON",
"id": "CVE-2005-1059"
},
{
"db": "BID",
"id": "13051"
},
{
"db": "PACKETSTORM",
"id": "36986"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-341"
},
{
"db": "NVD",
"id": "CVE-2005-1059"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-05-02T00:00:00",
"db": "VULHUB",
"id": "VHN-12268"
},
{
"date": "2005-05-02T00:00:00",
"db": "VULMON",
"id": "CVE-2005-1059"
},
{
"date": "2005-04-07T00:00:00",
"db": "BID",
"id": "13051"
},
{
"date": "2005-04-17T07:20:27",
"db": "PACKETSTORM",
"id": "36986"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-341"
},
{
"date": "2005-05-02T04:00:00",
"db": "NVD",
"id": "CVE-2005-1059"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-12268"
},
{
"date": "2017-07-11T00:00:00",
"db": "VULMON",
"id": "CVE-2005-1059"
},
{
"date": "2009-07-12T12:56:00",
"db": "BID",
"id": "13051"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-341"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2005-1059"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-341"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WET11 Password Update Remote Authentication Bypass Vulnerability",
"sources": [
{
"db": "BID",
"id": "13051"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-341"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access verification error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-341"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.