CVE-2005-1606

H-Sphere Winbox <2.4.3 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1606. PoCs published by Morning Wood.

AI-analyzed exploit summary This writeup describes an information disclosure vulnerability in Positive Software H-Sphere Winbox where user credentials are stored in plaintext within log files. The vulnerability allows local users with access to the log files to retrieve sensitive account information.

Description

H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such as username and password in plaintext in world-readable log files, which allows local users to gain privileges.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Morning Wood · textlocalwindows
https://www.exploit-db.com/exploits/25636

This writeup describes an information disclosure vulnerability in Positive Software H-Sphere Winbox where user credentials are stored in plaintext within log files. The vulnerability allows local users with access to the log files to retrieve sensitive account information.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Positive Software H-Sphere Winbox
No auth needed
Prerequisites: Local access to the system · Permissions to read log files
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13559
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/20522
Patch third-party-advisory x_refsource_secunia
http://secunia.com/advisories/15287
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/16239

Scores

EPSS 0.0083
EPSS Percentile 52.7%

Details

Status published
Products (2)
positive_software/h-sphere_winbox 2.4.2_patch_4
positive_software/h-sphere_winbox 2.4.3_rc1
Published May 16, 2005
Tracked Since Feb 18, 2026