Details of VAR-201401-0733

ID

VAR-201401-0733

TITLE

Unauthorized access vulnerabilities in multiple Linksys product backdoors

Trust: 0.6

sources: CNVD: CNVD-2014-00264

DESCRIPTION

Linksys is a division of Cisco Systems that sells home and small business networking products. Linksys was originally founded in 1988 and was acquired by Cisco in 2003. Although Linksys is best known for its broadband and wireless routers, it also produces Ethernet switching and VoIP devices as well as many other products. Many Linksys products (including Linksys WAG200G, Linksys WAG320N, Linksys WAG54G2, Linksys WAG120N, Linksys WAP4410N) have unauthorized access vulnerabilities in their implementation. Attackers can use these vulnerabilities to execute commands on the affected device with administrator privileges. Multiple Routers are prone to an unauthorized-access vulnerability. This may aid in further attacks

Trust: 0.81

sources: CNVD: CNVD-2014-00264 // BID: 64675

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-00264

AFFECTED PRODUCTS

vendor:	cisco	model:	linksys wag120n	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	linksys wag200g	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	linksys wag54g2	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2014-00264

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2014-00264
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2014-00264
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-00264

THREAT TYPE

network

Trust: 0.3

sources: BID: 64675

TYPE

Design Error

Trust: 0.3

sources: BID: 64675

EXTERNAL IDS

db:	BID	id:	64675	Trust: 0.9
db:	CNVD	id:	CNVD-2014-00264	Trust: 0.6

sources: CNVD: CNVD-2014-00264 // BID: 64675

REFERENCES

url:	http://www.securityfocus.com/bid/64675	Trust: 0.6
url:	http://www.belkin.com/index.asp	Trust: 0.3
url:	http://www.cisco.com	Trust: 0.3

sources: CNVD: CNVD-2014-00264 // BID: 64675

CREDITS

Eloi Vanderbeken

Trust: 0.3

sources: BID: 64675

SOURCES

db:	CNVD	id:	CNVD-2014-00264
db:	BID	id:	64675

LAST UPDATE DATE

2022-05-17T02:09:50.275000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-00264	date:	2020-03-10T00:00:00
db:	BID	id:	64675	date:	2014-05-02T01:03:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-00264	date:	2014-01-14T00:00:00
db:	BID	id:	64675	date:	2014-01-03T00:00:00