ID
VAR-E-200608-0905
TITLE
Linksys WRT54GS POST Request Configuration Change Authentication Bypass Vulnerability
Trust: 0.3
DESCRIPTION
Linksys WRT54GS is prone to an authentication-bypass vulnerability. Reportedly, the device permits changes in its configuration settings without requring authentication.
Linksys WRT54GS is prone to an authentication-bypass vulnerability. The problem presents itself when a victim user visits a specially crafted web page on an attacker-controlled site. An attacker can exploit this vulnerability to bypass authentication and modify the configuration settings of the device.
This issue is reported to affect firmware version 1.00.9; other firmware versions may also be affected.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | linksys | model: | wrt54g | scope: | eq | version: | v1.01.0.9 | Trust: 0.3 |
| vendor: | linksys | model: | wrt54h | scope: | ne | version: | 4.71.1 | Trust: 0.3 |
| vendor: | linksys | model: | wrt54g | scope: | ne | version: | v51.0.10 | Trust: 0.3 |
EXPLOIT
Attackers may exploit this issue using a command-line tool (such as 'curl') for transferring files with URL syntax.
A sample exploit 'curl' command line has been provided:
Bullet list:
<li><a href="/data/vulnerabilities/exploits/linksys-WRT54g-authentication-bypass.cmd">/data/vulnerabilities/exploits/linksys-WRT54g-authentication-bypass.cmd</a></li>
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Access Validation Error
Trust: 0.3
CREDITS
Ginsu Rabbit is credited with the discovery of this vulnerability.
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 19347 | Trust: 0.3 |
REFERENCES
| url: | http://www.linksys.com/ | Trust: 0.3 |
SOURCES
| db: | BID | id: | 19347 |
LAST UPDATE DATE
2022-07-27T09:53:18.270000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 19347 | date: | 2006-11-22T16:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 19347 | date: | 2006-08-04T00:00:00 |