ID
VAR-201012-0377
TITLE
Linksys WRT54G2/BEFSR41 Cross-Site Request Forgery Vulnerability
Trust: 0.6
sources:
CNVD: CNVD-2010-3160
DESCRIPTION
The Linksys WRT54G2 is a wireless G broadband router, and the BEFSR41 is a home wired router. Linksys WRT54G2 / BEFSR41 has a vulnerability in implementation, which can be exploited by attackers to initiate cross-site request forgery attacks. This vulnerability stems from 1) a Security.tri error caused by a lack of authentication; 2) the device allows the user to change the router configuration via an HTTP request without performing a web interface error caused by any validity checks on the user's request.
Trust: 0.6
sources:
CNVD: CNVD-2010-3160
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2010-3160
AFFECTED PRODUCTS
| vendor: | linksys | model: | bef | scope: | eq | version: | x.x | Trust: 0.6 |
| vendor: | linksys | model: | wrt54g2 wireless-g broadband router | scope: | - | version: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2010-3160
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2010-3160 | Trust: 0.6 |
sources:
CNVD: CNVD-2010-3160
REFERENCES
| url: | http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0027.html | Trust: 0.6 |
sources:
CNVD: CNVD-2010-3160
SOURCES
| db: | CNVD | id: | CNVD-2010-3160 |
LAST UPDATE DATE
2022-05-04T08:58:27.915000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2010-3160 | date: | 2010-12-13T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2010-3160 | date: | 2010-12-13T00:00:00 |