CVE-2011-5053

Wi-fi Wifi Protected Setup Protocol - Authentication Bypass

Title source: rule

Description

The Wi-Fi Protected Setup (WPS) protocol, when the "external registrar" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages.

Exploits (1)

exploitdb WORKING POC

by cheffner · textremotehardware

https://www.exploit-db.com/exploits/18291

View Code ZIP pw:eip

References (6)

[Issue Tracking] http://code.google.com/p/reaver-wps/

[Various Sources] http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf

[Various Sources] http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/

[Various Sources] http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps

[US Government Resource] http://www.kb.cert.org/vuls/id/723755

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA12-006A.html

Scores

EPSS 0.2620

EPSS Percentile 96.2%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

wi-fi/wifi_protected_setup_protocol

Timeline

Published Jan 06, 2012

Tracked Since Feb 18, 2026