What is CVE-2015-5988?

CVE-2015-5988 is a publicly disclosed cybersecurity vulnerability with a HIGH severity rating and CVSS score of 9.3.

How to search for CVE vulnerabilities?

You can search the 4nuxd CVE database using CVE IDs, vendor names, product names, or severity levels.

CVE-2015-5988

HIGH9.3/ 10.0

Published: December 31, 2015 at 04:59 PM

Modified: April 12, 2025 at 10:46 AM

Source: cret@cert.org

Vulnerability Description

The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.

CVSS Metrics

Base Score

9.3

Severity

HIGH

Vector String

AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses (CWE)

CWE-255

Source: nvd@nist.gov

AI Security Analysis

01 // Technical Summary

Belkin F9K1102 routers running firmware 2.10.17 are vulnerable to a critical security flaw. This vulnerability allows unauthenticated remote attackers on the local network to gain administrative access due to a default blank password on the web management interface, potentially leading to complete network compromise and data exfiltration.

02 // Vulnerability Mechanism

Step 1: Network Access: The attacker must be on the same Local Area Network (LAN) as the vulnerable Belkin F9K1102 router.

Step 2: Accessing the Web Interface: The attacker navigates to the router's web management interface, typically by entering the router's IP address (e.g., 192.168.2.1) in a web browser.

Step 3: Attempting Login: The attacker attempts to log in to the web interface using the default credentials. In this case, the username is likely 'admin' and the password field is left blank.

Step 4: Successful Authentication: Because the password is blank by default, the router accepts the blank password, granting the attacker administrative access.

Step 5: Privilege Escalation: The attacker now has full control over the router, allowing them to modify network settings, change DNS servers, intercept network traffic, and potentially gain access to other devices on the network.

03 // Deep Technical Analysis

The root cause is a configuration error: the web management interface's default password is not set. The firmware developers failed to enforce a password during the initial setup or configuration of the router. This oversight allows any user on the local network to access the administrative interface without authentication. The lack of a password bypasses all authentication checks, granting immediate access to sensitive configuration settings and control of the device. This is a simple but devastating configuration flaw, not a complex technical vulnerability like a buffer overflow or SQL injection.