Details of VAR-200509-0097

ID

VAR-200509-0097

CVE

CVE-2005-2916

TITLE

Linksys WRT54G User authentication bypass vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200509-119

DESCRIPTION

Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi. WRT54G v1.0 is prone to a remote security vulnerability. Linksys WRT54G is a Cisco wireless router. cgi to modify configuration or (2) upload new firmware using upgrade.cgi

Trust: 1.26

sources: NVD: CVE-2005-2916 // BID: 89357 // VULHUB: VHN-14125

AFFECTED PRODUCTS

vendor:	linksys	model:	wrt54g	scope:	eq	version:	3.03.6	Trust: 1.6
vendor:	linksys	model:	wrt54g	scope:	eq	version:	3.01.3	Trust: 1.6
vendor:	linksys	model:	wrt54g	scope:	eq	version:	4.00.7	Trust: 1.6
vendor:	linksys	model:	wrt54g	scope:	eq	version:	v4.04.0.7	Trust: 0.3
vendor:	linksys	model:	wrt54g	scope:	eq	version:	v3.03.3.6	Trust: 0.3

sources: BID: 89357 // NVD: CVE-2005-2916 // CNNVD: CNNVD-200509-119

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2005-2916
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200509-119
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-14125
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
VULHUB:	VHN-14125
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-14125 // NVD: CVE-2005-2916 // CNNVD: CNNVD-200509-119

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-2916

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200509-119

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200509-119

CONFIGURATIONS

sources: NVD: CVE-2005-2916

EXTERNAL IDS

db:	NVD	id:	CVE-2005-2916	Trust: 2.0
db:	CNNVD	id:	CNNVD-200509-119	Trust: 0.7
db:	IDEFENSE	id:	20050913 LINKSYS WRT54G 'UPGRADE.CGI' FIRMWARE UPLOAD DESIGN ERROR VULNERABILITY	Trust: 0.6
db:	IDEFENSE	id:	20050913 LINKSYS WRT54G 'RESTORE.CGI' CONFIGURATION MODIFICATION DESIGN ERROR VULNERABILITY	Trust: 0.6
db:	BID	id:	89357	Trust: 0.3
db:	VULHUB	id:	VHN-14125	Trust: 0.1

sources: VULHUB: VHN-14125 // BID: 89357 // NVD: CVE-2005-2916 // CNNVD: CNNVD-200509-119

REFERENCES

url:	http://www.idefense.com/application/poi/display?id=306&type=vulnerabilities	Trust: 1.9
url:	http://www.idefense.com/application/poi/display?id=307&type=vulnerabilities	Trust: 1.9
url:	http://www.idefense.com/application/poi/display?id=306&type=vulnerabilities	Trust: 0.1
url:	http://www.idefense.com/application/poi/display?id=307&type=vulnerabilities	Trust: 0.1

sources: VULHUB: VHN-14125 // BID: 89357 // NVD: CVE-2005-2916 // CNNVD: CNNVD-200509-119

CREDITS

Unknown

Trust: 0.3

sources: BID: 89357

SOURCES

db:	VULHUB	id:	VHN-14125
db:	BID	id:	89357
db:	NVD	id:	CVE-2005-2916
db:	CNNVD	id:	CNNVD-200509-119

LAST UPDATE DATE

2023-12-18T12:47:16.724000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-14125	date:	2008-09-05T00:00:00
db:	BID	id:	89357	date:	2016-07-06T14:34:00
db:	NVD	id:	CVE-2005-2916	date:	2008-09-05T20:52:59.187
db:	CNNVD	id:	CNNVD-200509-119	date:	2005-10-20T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-14125	date:	2005-09-14T00:00:00
db:	BID	id:	89357	date:	2005-09-14T00:00:00
db:	NVD	id:	CVE-2005-2916	date:	2005-09-14T21:03:00
db:	CNNVD	id:	CNNVD-200509-119	date:	2005-09-14T00:00:00