CVE-2011-5053

Wi-Fi Protected Setup Protocol - Improper Authentication via EAP-NACK Message Handling

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-5053. PoCs published by cheffner.

AI-analyzed exploit summary This exploit targets WiFi Protected Setup (WPS) vulnerabilities in 802.11 access points, allowing brute-force attacks to recover WPA/WPA2 passphrases. It leverages a design flaw in WPS to exhaustively test PINs.

Description

The Wi-Fi Protected Setup (WPS) protocol, when the "external registrar" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages.

Exploits (1)

exploitdb WORKING POC
by cheffner · textremotehardware
https://www.exploit-db.com/exploits/18291

This exploit targets WiFi Protected Setup (WPS) vulnerabilities in 802.11 access points, allowing brute-force attacks to recover WPA/WPA2 passphrases. It leverages a design flaw in WPS to exhaustively test PINs.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: 802.11 access points with WiFi Protected Setup enabled
No auth needed
Prerequisites: Physical proximity to the target access point · WPS enabled on the target access point
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/723755
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA12-006A.html
Issue Tracking x_refsource_misc
http://code.google.com/p/reaver-wps/

Scores

EPSS 0.0334
EPSS Percentile 87.2%

Details

CWE
CWE-287
Status published
Products (1)
wi-fi/wifi_protected_setup_protocol
Published Jan 06, 2012
Tracked Since Feb 18, 2026