Sign-up

ID

VAR-201301-0469


TITLE

Cisco Linksys WRT54GL Router Multiple Security Vulnerabilities

Trust: 0.9

sources: BID: 57459 // CNNVD: CNNVD-201301-398

DESCRIPTION

Allows an attacker to perform malicious actions. The Cisco Linksys WRT54GL Router is a wireless routing device. A security vulnerability exists in the Cisco Linksys WRT54GL Router. Due to the lack of filtering on the wan_hostnam parameter, an attacker can exploit the vulnerability to inject and execute arbitrary shell commands. Since changing the current password does not require providing current password information, an attacker is allowed to submit a malicious request to change the password information. A command-execution vulnerability 2. A security-bypass vulnerability 3. A cross-site request-forgery vulnerability 4. A cross-site scripting vulnerability 5. Cisco Linksys WRT54GL 1.1 running firmware version 4.30.15 build 2 is vulnerable; other versions may also be affected

Trust: 2.43

sources: CNVD: CNVD-2013-00452 // CNVD: CNVD-2013-00448 // CNVD: CNVD-2013-00454 // CNVD: CNVD-2013-00450 // BID: 57459

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 2.4

sources: CNVD: CNVD-2013-00452 // CNVD: CNVD-2013-00448 // CNVD: CNVD-2013-00454 // CNVD: CNVD-2013-00450

AFFECTED PRODUCTS

vendor:ciscomodel:linksys wrt54gl router buildscope:eqversion:4.30.152

Trust: 2.4

sources: CNVD: CNVD-2013-00452 // CNVD: CNVD-2013-00448 // CNVD: CNVD-2013-00454 // CNVD: CNVD-2013-00450

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201301-398

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 57459

PATCH

title:Patch for Cisco Linksys WRT54GL Router Cross-Site Request Forgery Vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/30351

Trust: 0.6

title:Cisco Linksys WRT54GL Router 'wan_hostnam' command to execute the patch for the vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/30312

Trust: 0.6

title:Patch for Cisco Linksys WRT54GL Router Cross-Site Scripting Vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/30371

Trust: 0.6

title:Cisco Linksys WRT54GL Router Security Bypass Vulnerability Patchurl:https://www.cnvd.org.cn/patchinfo/show/30332

Trust: 0.6

sources: CNVD: CNVD-2013-00452 // CNVD: CNVD-2013-00448 // CNVD: CNVD-2013-00454 // CNVD: CNVD-2013-00450

EXTERNAL IDS

db:BIDid:57459

Trust: 3.3

db:EXPLOIT-DBid:24202

Trust: 2.4

db:CNVDid:CNVD-2013-00452

Trust: 0.6

db:CNVDid:CNVD-2013-00448

Trust: 0.6

db:CNVDid:CNVD-2013-00454

Trust: 0.6

db:CNVDid:CNVD-2013-00450

Trust: 0.6

db:CNNVDid:CNNVD-201301-398

Trust: 0.6

sources: CNVD: CNVD-2013-00452 // CNVD: CNVD-2013-00448 // CNVD: CNVD-2013-00454 // CNVD: CNVD-2013-00450 // BID: 57459 // CNNVD: CNNVD-201301-398

REFERENCES

url:http://www.exploit-db.com/exploits/24202/

Trust: 2.4

url:http://www.securityfocus.com/bid/57459

Trust: 0.6

sources: CNVD: CNVD-2013-00452 // CNVD: CNVD-2013-00448 // CNVD: CNVD-2013-00454 // CNVD: CNVD-2013-00450 // CNNVD: CNNVD-201301-398

CREDITS

m-1-k-3

Trust: 0.9

sources: BID: 57459 // CNNVD: CNNVD-201301-398

SOURCES

db:CNVDid:CNVD-2013-00452
db:CNVDid:CNVD-2013-00448
db:CNVDid:CNVD-2013-00454
db:CNVDid:CNVD-2013-00450
db:BIDid:57459
db:CNNVDid:CNNVD-201301-398

LAST UPDATE DATE

2022-05-17T02:09:07.483000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2013-00452date:2013-01-23T00:00:00
db:CNVDid:CNVD-2013-00448date:2013-01-23T00:00:00
db:CNVDid:CNVD-2013-00454date:2013-05-23T00:00:00
db:CNVDid:CNVD-2013-00450date:2013-01-23T00:00:00
db:BIDid:57459date:2013-04-10T06:18:00
db:CNNVDid:CNNVD-201301-398date:2013-01-22T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2013-00452date:2013-01-23T00:00:00
db:CNVDid:CNVD-2013-00448date:2013-01-23T00:00:00
db:CNVDid:CNVD-2013-00454date:2013-01-23T00:00:00
db:CNVDid:CNVD-2013-00450date:2013-01-23T00:00:00
db:BIDid:57459date:2013-01-18T00:00:00
db:CNNVDid:CNNVD-201301-398date:2013-01-22T00:00:00