ID

VAR-201006-0503


TITLE

Linksys WAP54Gv3 Wireless Router Debug Credential Security Bypass Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2010-1073

DESCRIPTION

Linksys WAP54G is a wireless router device. The Linksys WAP54G debug interface allows shell commands to be executed with root privileges through the device's web pages, and the embedded credentials cannot be changed by the user. The web pages at the following URLs allow shell commands to be executed on the device: http://AP_IP_ADDR/Debug_command_page.asp and http://AP_IP_ADDR/debug.cgi, where AP_IP_ADDR is the IP address of the device. Providing the following authentication information gives access to the device and allows shell commands to be executed with root privileges: User: Gemtek, Password: gemtekswd.

Smart Statistics is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Smart Statistics 1.0 is vulnerable; other versions may also be affected.

Trust: 0.81

sources: CNVD: CNVD-2010-1073 // BID: 40468

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-1073

AFFECTED PRODUCTS

vendor: no model: - scope: - version: -

Trust: 0.6

vendor: sentosoft model: smart statistics scope: eq version: 1.0

Trust: 0.3

sources: CNVD: CNVD-2010-1073 // BID: 40468

THREAT TYPE

network

Trust: 0.3

sources: BID: 40468

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 40468

EXTERNAL IDS

db: BID id: 40468

Trust: 0.9

db: CNVD id: CNVD-2010-1073

Trust: 0.6

sources: CNVD: CNVD-2010-1073 // BID: 40468

REFERENCES

url:http://www.icysilence.org/?p=268

Trust: 0.6

url:http://www.sentosoft.com/

Trust: 0.3

url:http://www.smartphpstatistics.com/

Trust: 0.3

sources: CNVD: CNVD-2010-1073 // BID: 40468

CREDITS

R3d-D3v!L

Trust: 0.3

sources: BID: 40468

SOURCES

db: CNVD id: CNVD-2010-1073
db: BID id: 40468

LAST UPDATE DATE

2022-05-17T01:48:46.987000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2010-1073 date: 2010-06-10T00:00:00
db: BID id: 40468 date: 2010-01-10T00:00:00

SOURCES RELEASE DATE

db: CNVD id: CNVD-2010-1073 date: 2010-06-10T00:00:00
db: BID id: 40468 date: 2010-01-10T00:00:00