EXPLOITS

Linksys WET11 - Password Update Remote Authentication Bypass

Author: Kristian Hermansen
type: remote
platform: hardware
port: 
date_added: 2005-04-07  
date_updated: 2013-05-11  
verified: 1  
codes: CVE-2005-1059;OSVDB-15311  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 25359.txt  

source: https://www.securityfocus.com/bid/13051/info

A remote authentication bypass vulnerability affects Linksys WET11. This issue is due to a failure of the application to validate authentication credentials when processing password change requests.

An attacker may leverage this issue to arbitrarily change the administration password of an affected device, facilitating a complete compromise of the device.

http://www.example.com/changepw.html?data=........................