Details of VAR-201704-1629

ID

VAR-201704-1629

TITLE

Linksys Smart Wi-Fi Routers Authentication Bypass Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-05026

DESCRIPTION

LinksysSmartWi-FiRouters are smart Wi-Fi routers. There is an authentication bypass vulnerability in LinksysSmartWi-FiRouters. Attackers can bypass CGI scripts to collect sensitive information such as firmware version, Linux kernel version, running process list, USB device connection, WPS PIN code. Unauthenticated attackers can obtain sensitive information, such as using a set of APIs to list all connected devices and their respective operating systems, accessing firewall configurations, reading FTP configuration settings, or unzipping SMB server settings.

Trust: 0.6

sources: CNVD: CNVD-2017-05026

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-05026

AFFECTED PRODUCTS

vendor:	belkin	model:	linksys wrt3200acm	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys wrt1900acs	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys wrt1900ac	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys wrt1200ac	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea9500	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea9400	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea9200	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea8500	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea8300	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea7500	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea7400	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea7300	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea6900	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea6700	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea6500	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea6400	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea6350v3	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea6350v2	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea6300	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea6200	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea6100	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea4500v3	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea3500	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea2750	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea2700	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-05026

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2017-05026
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2017-05026
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2017-05026

EXTERNAL IDS

db:

CNVD

id:

CNVD-2017-05026

Trust: 0.6

sources: CNVD: CNVD-2017-05026

REFERENCES

url:	http://www.linksys.com/us/support-article?articlenum=246427	Trust: 0.6
url:	http://blog.ioactive.com/2017/04/linksys-smart-wi-fi-vulnerabilities.html	Trust: 0.6
url:	http://securityaffairs.co/wordpress/58177/hacking/linksys-routers-flaws.html	Trust: 0.6

sources: CNVD: CNVD-2017-05026

SOURCES

db:

CNVD

id:

CNVD-2017-05026

LAST UPDATE DATE

2022-05-04T10:12:12.533000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2017-05026

date:

2017-04-22T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2017-05026

date:

2017-04-22T00:00:00