VAR-200511-0312
Vulnerability from variot - Updated: 2025-04-03 22:10Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03 and 4.05.03, when a legitimate administrator is logged into the web management interface, allow remote attackers to access the management interface without authentication. Certain Belkin wireless routers are susceptible to a remote authentication bypass vulnerability. This issue is due to a flaw in the Web administration interface authentication process. This issue allows remote attackers to gain administrative access to affected devices. Belkin F5D7232-4, and F5D7230-4 routers with firmware versions 4.05.03 and 4.03.03 are affected by this issue. Other devices may also be affected due to code reuse among devices. Belkin Corporation is a manufacturer of peripheral electronic products, and F5D7232-4 and F5D7230-4 are wireless routers produced by it.
TITLE: Belkin Wireless G Router Web Management Authentication Bypass
SECUNIA ADVISORY ID: SA17601
VERIFY ADVISORY: http://secunia.com/advisories/17601/
CRITICAL: Less critical
IMPACT: Security Bypass
WHERE:
From local network
OPERATING SYSTEM: Belkin Wireless G Router http://secunia.com/product/6130/
DESCRIPTION: Andrei Mikhailovsky has reported a vulnerability in Belkin Wireless G Router, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused due to an access control error in the router's web-based management page.
The vulnerability has been reported in models F5D7230-4 and F5D7232-4 using the latest firmware 4.03.03 and 4.05.03.
SOLUTION: Restrict access to the web-based management page.
PROVIDED AND/OR DISCOVERED BY: Andrei Mikhailovsky, Arhont Ltd.
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200511-0312",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "f5d7230-4",
"scope": "eq",
"trust": 1.6,
"vendor": "belkin",
"version": "4.5.3"
},
{
"model": "f5d7230-4",
"scope": "eq",
"trust": 1.6,
"vendor": "belkin",
"version": "4.3.3"
},
{
"model": "f5d7232-4",
"scope": "eq",
"trust": 1.6,
"vendor": "belkin",
"version": "4.5.3"
},
{
"model": "f5d7232-4",
"scope": "eq",
"trust": 1.6,
"vendor": "belkin",
"version": "4.3.3"
},
{
"model": "f5d7232-4",
"scope": null,
"trust": 0.3,
"vendor": "belkin",
"version": null
},
{
"model": "f5d7230-4",
"scope": null,
"trust": 0.3,
"vendor": "belkin",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "15444"
},
{
"db": "CNNVD",
"id": "CNNVD-200511-379"
},
{
"db": "NVD",
"id": "CVE-2005-3802"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrei Mikhailovsky \u003cmlists@arhont.com\u003e discovered this vulnerability.",
"sources": [
{
"db": "BID",
"id": "15444"
},
{
"db": "CNNVD",
"id": "CNNVD-200511-379"
}
],
"trust": 0.9
},
"cve": "CVE-2005-3802",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CVE-2005-3802",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-15010",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2005-3802",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200511-379",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-15010",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-15010"
},
{
"db": "CNNVD",
"id": "CNNVD-200511-379"
},
{
"db": "NVD",
"id": "CVE-2005-3802"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03 and 4.05.03, when a legitimate administrator is logged into the web management interface, allow remote attackers to access the management interface without authentication. Certain Belkin wireless routers are susceptible to a remote authentication bypass vulnerability. This issue is due to a flaw in the Web administration interface authentication process. \nThis issue allows remote attackers to gain administrative access to affected devices. \nBelkin F5D7232-4, and F5D7230-4 routers with firmware versions 4.05.03 and 4.03.03 are affected by this issue. Other devices may also be affected due to code reuse among devices. Belkin Corporation is a manufacturer of peripheral electronic products, and F5D7232-4 and F5D7230-4 are wireless routers produced by it. \n\nTITLE:\nBelkin Wireless G Router Web Management Authentication Bypass\n\nSECUNIA ADVISORY ID:\nSA17601\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/17601/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nBelkin Wireless G Router\nhttp://secunia.com/product/6130/\n\nDESCRIPTION:\nAndrei Mikhailovsky has reported a vulnerability in Belkin Wireless G\nRouter, which can be exploited by malicious people to bypass certain\nsecurity restrictions. \r\n\r\nThe vulnerability is caused due to an access control error in the\nrouter\u0027s web-based management page. \r\n\r\nThe vulnerability has been reported in models F5D7230-4 and F5D7232-4\nusing the latest firmware 4.03.03 and 4.05.03. \n\nSOLUTION:\nRestrict access to the web-based management page. \n\nPROVIDED AND/OR DISCOVERED BY:\nAndrei Mikhailovsky, Arhont Ltd. \n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-3802"
},
{
"db": "BID",
"id": "15444"
},
{
"db": "VULHUB",
"id": "VHN-15010"
},
{
"db": "PACKETSTORM",
"id": "41594"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "15444",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "17601",
"trust": 1.8
},
{
"db": "SREASON",
"id": "186",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2005-2453",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2005-3802",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "20877",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200511-379",
"trust": 0.7
},
{
"db": "XF",
"id": "23059",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20051115 AUTHENTICATION VULNERABILITY IN BELKIN WIRELESS DEVICES",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20051115 AUTHENTICATION VULNERABILITY IN BELKIN WIRELESS DEVICES",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-15010",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "41594",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-15010"
},
{
"db": "BID",
"id": "15444"
},
{
"db": "PACKETSTORM",
"id": "41594"
},
{
"db": "CNNVD",
"id": "CNNVD-200511-379"
},
{
"db": "NVD",
"id": "CVE-2005-3802"
}
]
},
"id": "VAR-200511-0312",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-15010"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:10:48.473000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-3802"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://secunia.com/advisories/17601/"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/15444/"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0489.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/20877"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/186"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2005/2453"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23059"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=113209977115233\u0026w=2"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/23059"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=113209977115233\u0026w=2"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2005/2453"
},
{
"trust": 0.3,
"url": "http://catalog.belkin.com/iwcatproductpage.process?merchant_id=\u0026section_id=201522\u0026pcount=\u0026product_id=136493"
},
{
"trust": 0.3,
"url": "/archive/1/416736"
},
{
"trust": 0.3,
"url": "/archive/1/416884"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=113209977115233\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/6130/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-15010"
},
{
"db": "BID",
"id": "15444"
},
{
"db": "PACKETSTORM",
"id": "41594"
},
{
"db": "CNNVD",
"id": "CNNVD-200511-379"
},
{
"db": "NVD",
"id": "CVE-2005-3802"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-15010"
},
{
"db": "BID",
"id": "15444"
},
{
"db": "PACKETSTORM",
"id": "41594"
},
{
"db": "CNNVD",
"id": "CNNVD-200511-379"
},
{
"db": "NVD",
"id": "CVE-2005-3802"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-11-24T00:00:00",
"db": "VULHUB",
"id": "VHN-15010"
},
{
"date": "2005-11-15T00:00:00",
"db": "BID",
"id": "15444"
},
{
"date": "2005-11-19T21:56:12",
"db": "PACKETSTORM",
"id": "41594"
},
{
"date": "2005-11-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200511-379"
},
{
"date": "2005-11-24T11:03:00",
"db": "NVD",
"id": "CVE-2005-3802"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-12T00:00:00",
"db": "VULHUB",
"id": "VHN-15010"
},
{
"date": "2005-11-15T00:00:00",
"db": "BID",
"id": "15444"
},
{
"date": "2005-11-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200511-379"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2005-3802"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200511-379"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin Wireless Router Remote Authentication Bypass Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200511-379"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access verification error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200511-379"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…