Sign-up

ID

VAR-200509-0097


CVE

CVE-2005-2916


TITLE

Linksys WRT54G User authentication bypass vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200509-119

DESCRIPTION

Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi. WRT54G v1.0 is prone to a remote security vulnerability. Linksys WRT54G is a Cisco wireless router. cgi to modify configuration or (2) upload new firmware using upgrade.cgi

Trust: 1.26

sources: NVD: CVE-2005-2916 // BID: 89357 // VULHUB: VHN-14125

AFFECTED PRODUCTS

vendor:linksysmodel:wrt54gscope:eqversion:3.01.3

Trust: 1.6

vendor:linksysmodel:wrt54gscope:eqversion:3.03.6

Trust: 1.6

vendor:linksysmodel:wrt54gscope:eqversion:4.00.7

Trust: 1.6

vendor:linksysmodel:wrt54gscope:eqversion:v4.04.0.7

Trust: 0.3

vendor:linksysmodel:wrt54gscope:eqversion:v3.03.3.6

Trust: 0.3

sources: BID: 89357 // CNNVD: CNNVD-200509-119 // NVD: CVE-2005-2916

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-2916
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200509-119
value: MEDIUM

Trust: 0.6

VULHUB: VHN-14125
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2005-2916
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-14125
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-14125 // CNNVD: CNNVD-200509-119 // NVD: CVE-2005-2916

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-2916

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200509-119

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200509-119

EXTERNAL IDS

db:NVDid:CVE-2005-2916

Trust: 2.0

db:CNNVDid:CNNVD-200509-119

Trust: 0.7

db:IDEFENSEid:20050913 LINKSYS WRT54G 'UPGRADE.CGI' FIRMWARE UPLOAD DESIGN ERROR VULNERABILITY

Trust: 0.6

db:IDEFENSEid:20050913 LINKSYS WRT54G 'RESTORE.CGI' CONFIGURATION MODIFICATION DESIGN ERROR VULNERABILITY

Trust: 0.6

db:BIDid:89357

Trust: 0.3

db:VULHUBid:VHN-14125

Trust: 0.1

sources: VULHUB: VHN-14125 // BID: 89357 // CNNVD: CNNVD-200509-119 // NVD: CVE-2005-2916

REFERENCES

url:http://www.idefense.com/application/poi/display?id=306&type=vulnerabilities

Trust: 1.9

url:http://www.idefense.com/application/poi/display?id=307&type=vulnerabilities

Trust: 1.9

url:http://www.idefense.com/application/poi/display?id=306&type=vulnerabilities

Trust: 0.1

url:http://www.idefense.com/application/poi/display?id=307&type=vulnerabilities

Trust: 0.1

sources: VULHUB: VHN-14125 // BID: 89357 // CNNVD: CNNVD-200509-119 // NVD: CVE-2005-2916

CREDITS

Unknown

Trust: 0.3

sources: BID: 89357

SOURCES

db:VULHUBid:VHN-14125
db:BIDid:89357
db:CNNVDid:CNNVD-200509-119
db:NVDid:CVE-2005-2916

LAST UPDATE DATE

2025-04-03T22:25:06.528000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-14125date:2008-09-05T00:00:00
db:BIDid:89357date:2016-07-06T14:34:00
db:CNNVDid:CNNVD-200509-119date:2005-10-20T00:00:00
db:NVDid:CVE-2005-2916date:2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:VULHUBid:VHN-14125date:2005-09-14T00:00:00
db:BIDid:89357date:2005-09-14T00:00:00
db:CNNVDid:CNNVD-200509-119date:2005-09-14T00:00:00
db:NVDid:CVE-2005-2916date:2005-09-14T21:03:00