Details of VAR-200909-0134

ID

VAR-200909-0134

CVE

CVE-2009-3341

TITLE

Linksys WRT54GL Wireless router buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2009-004975

DESCRIPTION

Buffer overflow on the Linksys WRT54GL wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause a denial-of-service condition. WRT54GL is prone to a remote security vulnerability. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Linksys WRT54GL Unspecified Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA36571 VERIFY ADVISORY: http://secunia.com/advisories/36571/ DESCRIPTION: A vulnerability has been reported in Linksys WRT54GL, which can be exploited by malicious people to compromise a vulnerable device. The vulnerability is caused due to an unspecified error and can be exploited to cause a buffer overflow. No further information is currently available. SOLUTION: Due to the very limited available information, it is not possible to suggest an effective workaround. PROVIDED AND/OR DISCOVERED BY: Reportedly a module for VulnDisco Pack. ORIGINAL ADVISORY: http://intevydis.com/vd-list.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.34

sources: NVD: CVE-2009-3341 // JVNDB: JVNDB-2009-004975 // BID: 82342 // BID: 87522 // VULHUB: VHN-40787 // PACKETSTORM: 80968

AFFECTED PRODUCTS

vendor:	linksys	model:	wrt54gl	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco linksys	model:	wrt54gl	scope:	-	version:	-	Trust: 0.8
vendor:	linksys	model:	wrt54gl	scope:	eq	version:	0	Trust: 0.6
vendor:	linksys	model:	wrt54gl	scope:	-	version:	-	Trust: 0.6

sources: BID: 82342 // BID: 87522 // JVNDB: JVNDB-2009-004975 // CNNVD: CNNVD-200909-453 // NVD: CVE-2009-3341

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-3341
value:	HIGH
Trust: 1.0
NVD:	CVE-2009-3341
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200909-453
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-40787
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2009-3341
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-40787
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-40787 // JVNDB: JVNDB-2009-004975 // CNNVD: CNNVD-200909-453 // NVD: CVE-2009-3341

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-40787 // JVNDB: JVNDB-2009-004975 // NVD: CVE-2009-3341

THREAT TYPE

network

Trust: 0.6

sources: BID: 82342 // BID: 87522

TYPE

Failure to Handle Exceptional Conditions

Trust: 0.6

sources: BID: 82342 // BID: 87522

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-004975

PATCH

title:

Linksys

url:

http://home.cisco.com/en-apac/home

Trust: 0.8

sources: JVNDB: JVNDB-2009-004975

EXTERNAL IDS

db:	NVD	id:	CVE-2009-3341	Trust: 3.1
db:	SECTRACK	id:	1022827	Trust: 2.3
db:	SECUNIA	id:	36571	Trust: 1.8
db:	JVNDB	id:	JVNDB-2009-004975	Trust: 0.8
db:	CNNVD	id:	CNNVD-200909-453	Trust: 0.7
db:	BID	id:	87522	Trust: 0.4
db:	BID	id:	82342	Trust: 0.4
db:	VULHUB	id:	VHN-40787	Trust: 0.1
db:	PACKETSTORM	id:	80968	Trust: 0.1

sources: VULHUB: VHN-40787 // BID: 82342 // BID: 87522 // JVNDB: JVNDB-2009-004975 // PACKETSTORM: 80968 // CNNVD: CNNVD-200909-453 // NVD: CVE-2009-3341

REFERENCES

url:	http://intevydis.com/vd-list.shtml	Trust: 2.4
url:	http://www.securitytracker.com/id?1022827	Trust: 2.3
url:	http://secunia.com/advisories/36571	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3341	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3341	Trust: 0.8
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/36571/	Trust: 0.1
url:	http://secunia.com/advisories/business_solutions/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-40787 // BID: 82342 // BID: 87522 // JVNDB: JVNDB-2009-004975 // PACKETSTORM: 80968 // CNNVD: CNNVD-200909-453 // NVD: CVE-2009-3341

CREDITS

Unknown

Trust: 0.6

sources: BID: 82342 // BID: 87522

SOURCES

db:	VULHUB	id:	VHN-40787
db:	BID	id:	82342
db:	BID	id:	87522
db:	JVNDB	id:	JVNDB-2009-004975
db:	PACKETSTORM	id:	80968
db:	CNNVD	id:	CNNVD-200909-453
db:	NVD	id:	CVE-2009-3341

LAST UPDATE DATE

2025-04-10T23:15:31.410000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-40787	date:	2009-09-28T00:00:00
db:	BID	id:	82342	date:	2009-09-24T00:00:00
db:	BID	id:	87522	date:	2009-09-24T00:00:00
db:	JVNDB	id:	JVNDB-2009-004975	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200909-453	date:	2009-09-28T00:00:00
db:	NVD	id:	CVE-2009-3341	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-40787	date:	2009-09-24T00:00:00
db:	BID	id:	82342	date:	2009-09-24T00:00:00
db:	BID	id:	87522	date:	2009-09-24T00:00:00
db:	JVNDB	id:	JVNDB-2009-004975	date:	2012-09-25T00:00:00
db:	PACKETSTORM	id:	80968	date:	2009-09-03T05:18:59
db:	CNNVD	id:	CNNVD-200909-453	date:	2009-09-24T00:00:00
db:	NVD	id:	CVE-2009-3341	date:	2009-09-24T16:30:01.733