ID
VAR-E-201306-0192
TITLE
Cisco Linksys X3000 Router Multiple Security Vulnerabilities
Trust: 0.3
DESCRIPTION
Cisco Linksys X3000 Router is prone to the following security vulnerabilities:
1. Multiple command-execution vulnerabilities
2. A security-bypass vulnerability
3. Multiple cross-site scripting vulnerabilities
An attacker can exploit these issues to execute arbitrary commands, bypass certain security restrictions, steal cookie-based authentication credentials, or perform unauthorized actions in the context of a user session.
Cisco Linksys X3000 1.0.03 build 001 is vulnerable; other versions may also be affected.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | cisco | model: | linksys build | scope: | eq | version: | x30001.0.03001 | Trust: 0.3 |
| vendor: | cisco | model: | linksys build | scope: | ne | version: | x30001.0.05002 | Trust: 0.3 |
EXPLOIT
An attacker can exploit these issues through a browser. To exploit cross-site scripting issues, the attacker must entice an unsuspecting victim to follow a malicious URI.
The following example data is available:
Bullet list:
<li><a href="/data/vulnerabilities/exploits/60736.txt">/data/vulnerabilities/exploits/60736.txt</a></li>
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Unknown
Trust: 0.3
CREDITS
Michael Messner
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 60736 | Trust: 0.3 |
REFERENCES
| url: | http://www.s3cur1ty.de/m1adv2013-019 | Trust: 0.3 |
| url: | http://www.linksys.com/ | Trust: 0.3 |
SOURCES
| db: | BID | id: | 60736 |
LAST UPDATE DATE
2022-07-27T09:12:06.143000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 60736 | date: | 2013-06-22T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 60736 | date: | 2013-06-22T00:00:00 |