Details of VAR-201006-0504

ID

VAR-201006-0504

TITLE

Linksys WAP54Gv3 Wireless Router 'debug.cgi' Cross-Site Scripting Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2010-1168 // BID: 41061

DESCRIPTION

Linksys WAP54Gv3 is a wireless router device. The Linksys WAP54Gv3 debug.cgi script is used to debug devices. As the POST variable data submitted by the user lacks sufficient filtering when returning the <textarea> tag of the output page, it can trigger a cross-site scripting attack. Linksys WAP54Gv3 Wireless Router is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. Attackers may exploit this issue by enticing victims into visiting a malicious site. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The following firmware versions are vulnerable: 3.05.03 (Europe) 3.04.03 (US)

Trust: 0.81

sources: CNVD: CNVD-2010-1168 // BID: 41061

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2010-1168

AFFECTED PRODUCTS

vendor:	no	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	linksys	model:	wap54gv3	scope:	eq	version:	3.5.3	Trust: 0.3
vendor:	linksys	model:	wap54gv3	scope:	eq	version:	3.4.3	Trust: 0.3

sources: CNVD: CNVD-2010-1168 // BID: 41061

THREAT TYPE

network

Trust: 0.3

sources: BID: 41061

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 41061

EXTERNAL IDS

db:	BID	id:	41061	Trust: 0.9
db:	CNVD	id:	CNVD-2010-1168	Trust: 0.6

sources: CNVD: CNVD-2010-1168 // BID: 41061

REFERENCES

url:	http://www.icysilence.org/wp-content/uploads/is-2010-003_linksys_wap54gv3_debug.cgi_cross_site_scripting.txt	Trust: 0.9
url:	http://www.linksys.com	Trust: 0.3

sources: CNVD: CNVD-2010-1168 // BID: 41061

CREDITS

Cristofaro Mune

Trust: 0.3

sources: BID: 41061

SOURCES

db:	CNVD	id:	CNVD-2010-1168
db:	BID	id:	41061

LAST UPDATE DATE

2022-05-17T01:51:49.680000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2010-1168	date:	2010-06-24T00:00:00
db:	BID	id:	41061	date:	2010-06-23T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2010-1168	date:	2010-06-24T00:00:00
db:	BID	id:	41061	date:	2010-06-23T00:00:00