Details of VAR-200509-0096

ID

VAR-200509-0096

CVE

CVE-2005-2915

TITLE

Linksys WRT54G ezconfig.asp Weak coding vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200509-117

DESCRIPTION

ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, uses weak encryption (XOR encoding with a fixed byte mask) for configuration information, which could allow attackers to decrypt the information and possibly re-encrypt it in conjunction with CVE-2005-2914. WRT54G v1.0 is prone to a remote security vulnerability. Linksys WRT54G is a Cisco wireless router

Trust: 1.26

sources: NVD: CVE-2005-2915 // BID: 89351 // VULHUB: VHN-14124

AFFECTED PRODUCTS

vendor:	linksys	model:	wrt54g	scope:	eq	version:	3.01.3	Trust: 1.6
vendor:	linksys	model:	wrt54g	scope:	eq	version:	3.03.6	Trust: 1.6
vendor:	linksys	model:	wrt54g	scope:	eq	version:	2.04.4_non_default	Trust: 1.6
vendor:	linksys	model:	wrt54g	scope:	eq	version:	v3.03.3.6	Trust: 0.3

sources: BID: 89351 // NVD: CVE-2005-2915 // CNNVD: CNNVD-200509-117

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2005-2915
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200509-117
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-14124
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
VULHUB:	VHN-14124
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-14124 // NVD: CVE-2005-2915 // CNNVD: CNNVD-200509-117

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-2915

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200509-117

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200509-117

CONFIGURATIONS

sources: NVD: CVE-2005-2915

EXTERNAL IDS

db:	NVD	id:	CVE-2005-2915	Trust: 2.0
db:	IDEFENSE	id:	20050913 LINKSYS WRT54G ROUTER REMOTE ADMINISTRATION FIXED ENCRYPTION KEY VULNERABILITY	Trust: 0.6
db:	CNNVD	id:	CNNVD-200509-117	Trust: 0.6
db:	BID	id:	89351	Trust: 0.3
db:	VULHUB	id:	VHN-14124	Trust: 0.1

sources: VULHUB: VHN-14124 // BID: 89351 // NVD: CVE-2005-2915 // CNNVD: CNNVD-200509-117

REFERENCES

url:	http://www.idefense.com/application/poi/display?id=304&type=vulnerabilities	Trust: 1.9
url:	http://www.idefense.com/application/poi/display?id=304&type=vulnerabilities	Trust: 0.1

sources: VULHUB: VHN-14124 // BID: 89351 // NVD: CVE-2005-2915 // CNNVD: CNNVD-200509-117

CREDITS

Unknown

Trust: 0.3

sources: BID: 89351

SOURCES

db:	VULHUB	id:	VHN-14124
db:	BID	id:	89351
db:	NVD	id:	CVE-2005-2915
db:	CNNVD	id:	CNNVD-200509-117

LAST UPDATE DATE

2023-12-18T13:26:00.656000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-14124	date:	2008-09-05T00:00:00
db:	BID	id:	89351	date:	2016-07-06T14:34:00
db:	NVD	id:	CVE-2005-2915	date:	2008-09-05T20:52:59.047
db:	CNNVD	id:	CNNVD-200509-117	date:	2005-10-25T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-14124	date:	2005-09-14T00:00:00
db:	BID	id:	89351	date:	2005-09-14T00:00:00
db:	NVD	id:	CVE-2005-2915	date:	2005-09-14T21:03:00
db:	CNNVD	id:	CNNVD-200509-117	date:	2005-09-14T00:00:00