ID
VAR-201207-0695
TITLE
Cisco Linksys WMB54G Remote Command Injection Vulnerability
Trust: 1.5
sources:
CNVD: CNVD-2012-3843 //
BID: 54615 //
CNNVD: CNNVD-201207-412
DESCRIPTION
The Cisco Linksys WMB54G is a wireless music bridge product. The TFTP service lacks proper input validation when running the firmware upgrade feature, allowing an attacker to exploit the vulnerability to inject and execute arbitrary SHELL commands. Cisco Linksys WMB54G is prone to a remote command-injection vulnerability because it fails to properly sanitize user-supplied input. Cisco Linksys WMB54G 1.0 is vulnerable
Trust: 0.81
sources:
CNVD: CNVD-2012-3843 //
BID: 54615
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2012-3843
AFFECTED PRODUCTS
| vendor: | cisco | model: | linksys wmb54g | scope: | eq | version: | 1.x | Trust: 0.6 |
sources:
CNVD: CNVD-2012-3843
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201207-412
TYPE
Input Validation Error
Trust: 0.3
sources:
BID: 54615
EXTERNAL IDS
| db: | BID | id: | 54615 | Trust: 1.5 |
| db: | CNVD | id: | CNVD-2012-3843 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201207-412 | Trust: 0.6 |
sources:
CNVD: CNVD-2012-3843 //
BID: 54615 //
CNNVD: CNNVD-201207-412
REFERENCES
| url: | http://www.devttys0.com/2012/07/hacking-the-linksys-wmb54g/http | Trust: 0.6 |
| url: | http://www.securityfocus.com/bid/54615 | Trust: 0.6 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
| url: | http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20111019-cs | Trust: 0.3 |
sources:
CNVD: CNVD-2012-3843 //
BID: 54615 //
CNNVD: CNNVD-201207-412
CREDITS
Craig
Trust: 0.9
sources:
BID: 54615 //
CNNVD: CNNVD-201207-412
SOURCES
| db: | CNVD | id: | CNVD-2012-3843 |
| db: | BID | id: | 54615 |
| db: | CNNVD | id: | CNNVD-201207-412 |
LAST UPDATE DATE
2022-05-17T02:03:25.693000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2012-3843 | date: | 2012-07-24T00:00:00 |
| db: | BID | id: | 54615 | date: | 2012-07-20T00:00:00 |
| db: | CNNVD | id: | CNNVD-201207-412 | date: | 2012-07-24T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2012-3843 | date: | 2012-07-24T00:00:00 |
| db: | BID | id: | 54615 | date: | 2012-07-20T00:00:00 |
| db: | CNNVD | id: | CNNVD-201207-412 | date: | 2012-07-24T00:00:00 |