ID

VAR-200806-0028


CVE

CVE-2008-2636


TITLE

Linksys WRH54G Service Disruption (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2008-002006

DESCRIPTION

The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 allows remote attackers to cause a denial of service (management interface outage) or possibly execute arbitrary code via a URI that begins with a "/./" sequence, contains many instances of a "front_page" sequence, and ends with a ".asp" sequence. A service disruption (DoS) vulnerability exists in the HTTP service of the Cisco Linksys WRH54G firmware. The Linksys WRH54G router is prone to a denial-of-service vulnerability.

TITLE: Linksys WRH54G Denial of Service Vulnerability

SECUNIA ADVISORY ID: SA30562

VERIFY ADVISORY: http://secunia.com/advisories/30562/

CRITICAL: Less critical

IMPACT: DoS

WHERE: From local network

OPERATING SYSTEM: Linksys WRH54G http://secunia.com/product/19001/

DESCRIPTION: A vulnerability has been reported in Linksys WRH54G, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing HTTP requests. This can be exploited to disable the HTTP service by sending a specially crafted HTTP request to an affected device. The vulnerability is reported in firmware version 1.01.03. Prior versions may also be affected.

SOLUTION: Update to firmware version 1.01.04.

PROVIDED AND/OR DISCOVERED BY: dubingyao

Trust: 2.07

sources: NVD: CVE-2008-2636 // JVNDB: JVNDB-2008-002006 // BID: 84938 // VULHUB: VHN-32761 // PACKETSTORM: 67119

AFFECTED PRODUCTS

vendor: cisco, model: linksys wrh54g router, scope: eq, version: 1.01.03

Trust: 1.6

vendor: cisco, model: linksys wrh54g, scope: eq, version: firmware 1.01.03

Trust: 0.8

vendor: cisco, model: linksys wrh54g router, scope: eq, version: 1.1.3

Trust: 0.3

sources: BID: 84938 // JVNDB: JVNDB-2008-002006 // CNNVD: CNNVD-200806-137 // NVD: CVE-2008-2636

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-2636
value: HIGH

Trust: 1.0

NVD: CVE-2008-2636
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200806-137
value: HIGH

Trust: 0.6

VULHUB: VHN-32761
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2008-2636
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-32761
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-32761 // JVNDB: JVNDB-2008-002006 // CNNVD: CNNVD-200806-137 // NVD: CVE-2008-2636

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-32761 // JVNDB: JVNDB-2008-002006 // NVD: CVE-2008-2636

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200806-137

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200806-137

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-002006

PATCH

title: Top Page, url: http://www.cisco.com/

Trust: 0.8

sources: JVNDB: JVNDB-2008-002006

EXTERNAL IDS

db: NVD, id: CVE-2008-2636

Trust: 2.8

db: SREASON, id: 3929

Trust: 2.0

db: SECTRACK, id: 1020237

Trust: 2.0

db: SECUNIA, id: 30562

Trust: 1.8

db: VUPEN, id: ADV-2008-1772

Trust: 1.7

db: XF, id: 42890

Trust: 0.9

db: JVNDB, id: JVNDB-2008-002006

Trust: 0.8

db: XF, id: 54

Trust: 0.6

db: BUGTRAQ, id: 20080605 REMOTE DOS VULNERABILITY IN LINKSYS WRH54G

Trust: 0.6

db: CNNVD, id: CNNVD-200806-137

Trust: 0.6

db: BID, id: 84938

Trust: 0.4

db: VULHUB, id: VHN-32761

Trust: 0.1

db: PACKETSTORM, id: 67119

Trust: 0.1

sources: VULHUB: VHN-32761 // BID: 84938 // JVNDB: JVNDB-2008-002006 // PACKETSTORM: 67119 // CNNVD: CNNVD-200806-137 // NVD: CVE-2008-2636

REFERENCES

url:http://www.securitytracker.com/id?1020237

Trust: 2.0

url:http://securityreason.com/securityalert/3929

Trust: 2.0

url:http://secunia.com/advisories/30562

Trust: 1.7

url:http://www.securityfocus.com/archive/1/493129/100/0/threaded

Trust: 1.1

url:http://www.vupen.com/english/advisories/2008/1772/references

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/42890

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/42890

Trust: 0.9

url:http://www.securityfocus.com/archive/1/archive/1/493129/100/0/threaded

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2636

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2636

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2008/1772/references

Trust: 0.6

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/19001/

Trust: 0.1

url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/secunia_security_specialist/

Trust: 0.1

url:http://corporate.secunia.com/about_secunia/64/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/advisories/30562/

Trust: 0.1

sources: VULHUB: VHN-32761 // BID: 84938 // JVNDB: JVNDB-2008-002006 // PACKETSTORM: 67119 // CNNVD: CNNVD-200806-137 // NVD: CVE-2008-2636

CREDITS

Unknown

Trust: 0.3

sources: BID: 84938

SOURCES

db: VULHUB, id: VHN-32761
db: BID, id: 84938
db: JVNDB, id: JVNDB-2008-002006
db: PACKETSTORM, id: 67119
db: CNNVD, id: CNNVD-200806-137
db: NVD, id: CVE-2008-2636

LAST UPDATE DATE

2025-04-10T21:38:30.057000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-32761, date: 2018-10-11T00:00:00
db: BID, id: 84938, date: 2008-06-09T00:00:00
db: JVNDB, id: JVNDB-2008-002006, date: 2008-12-19T00:00:00
db: CNNVD, id: CNNVD-200806-137, date: 2009-01-29T00:00:00
db: NVD, id: CVE-2008-2636, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-32761, date: 2008-06-10T00:00:00
db: BID, id: 84938, date: 2008-06-09T00:00:00
db: JVNDB, id: JVNDB-2008-002006, date: 2008-12-19T00:00:00
db: PACKETSTORM, id: 67119, date: 2008-06-10T07:38:04
db: CNNVD, id: CNNVD-200806-137, date: 2008-06-09T00:00:00
db: NVD, id: CVE-2008-2636, date: 2008-06-10T00:32:00