ID
VAR-E-200509-0231
TITLE
Linksys WRT54G Wireless Router Multiple Remote Vulnerabilities
Trust: 0.3
DESCRIPTION
Multiple vulnerabilities have been identified in Linksys WRT54G routers. These issue all require that an attacker have access to either the wireless, or internal LAN network segments of the affected device. Exploitation from the WAN interface is only possible if the affected device has remote management enabled.
This issue allows attackers to:
- Download and replace the configuration of affected routers.
- Execute arbitrary machine code in the context of the affected device.
- Utilize HTTP POST requests to upload router configuration and firmware files without proper authentication
- Degrade the performance of affected devices and cause the Web server to become unresponsive, potentially denying service to legitimate users.
Trust: 0.3
AFFECTED PRODUCTS
vendor: | linksys | model: | wrt54g | scope: | eq | version: | v4.04.20.6 | Trust: 0.3 |
vendor: | linksys | model: | wrt54g | scope: | eq | version: | v4.04.0.7 | Trust: 0.3 |
vendor: | linksys | model: | wrt54g | scope: | eq | version: | v3.03.3.6 | Trust: 0.3 |
vendor: | linksys | model: | wrt54g | scope: | eq | version: | v3.03.1.3 | Trust: 0.3 |
vendor: | linksys | model: | wrt54g | scope: | eq | version: | v2.02.4.4 | Trust: 0.3 |
EXPLOIT
An exploit is not required for most of these vulnerabilities.
Currently we are not aware of any exploits for the buffer overflow issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Design Error
Trust: 0.3
CREDITS
These vulnerabilities were discovered by Greg MacManus of iDEFENSE Labs.
Trust: 0.3
EXTERNAL IDS
db: | BID | id: | 14822 | Trust: 0.3 |
REFERENCES
url: | http://www.linksys.com/products/product.asp?prid=508&scid=35 | Trust: 0.3 |
url: | http://www.idefense.com/application/poi/display?id=308&type=vulnerabilities | Trust: 0.3 |
url: | http://www.idefense.com/application/poi/display?id=304&type=vulnerabilities | Trust: 0.3 |
url: | http://www.idefense.com/application/poi/display?id=307&type=vulnerabilities | Trust: 0.3 |
url: | http://www.idefense.com/application/poi/display?id=305&type=vulnerabilities | Trust: 0.3 |
url: | http://www.linksys.com/ | Trust: 0.3 |
url: | http://www.idefense.com/application/poi/display?id=306&type=vulnerabilities | Trust: 0.3 |
SOURCES
db: | BID | id: | 14822 |
LAST UPDATE DATE
2022-07-27T09:23:33.002000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 14822 | date: | 2005-09-13T00:00:00 |
SOURCES RELEASE DATE
db: | BID | id: | 14822 | date: | 2005-09-13T00:00:00 |