Sign-up

ID

VAR-201906-0002


CVE

CVE-2009-5157


TITLE

Linksys WAG54G2 Command injection vulnerability in devices

Trust: 0.8

sources: JVNDB: JVNDB-2009-006631

DESCRIPTION

On Linksys WAG54G2 1.00.10 devices, there is authenticated command injection via shell metacharacters in the setup.cgi c4_ping_ipaddr variable. Linksys WAG54G2 The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Linksys WAG54G2 is an ADSL all-in-one with integrated modem and router. The Linksys WAG54G2 router provides a management console that is accessible only to LAN users by default. Since the special characters such as \";\", \"&\", \"|\", \"``\", \"%a0\" in the user request are not correctly filtered, the user can inject and execute the malicious request after logging in to the console. Any shell command. If the user does not change the default management password, the external network user can also exploit the vulnerability remotely by using the cross-site request forgery attack. Linksys WAG54G2 router is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with superuser privileges. This may facilitate a complete compromise of the affected device. Linksys WAG54G2 with firmware V1.00.10 is affected; other versions may also be vulnerable. UPDATE (May 29, 2009): The reporter indicates that this issue may not be remotely exploitable if the administrator credentials have been changed from the default values

Trust: 2.52

sources: NVD: CVE-2009-5157 // JVNDB: JVNDB-2009-006631 // CNVD: CNVD-2009-2805 // BID: 35142 // VULHUB: VHN-42603

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2009-2805

AFFECTED PRODUCTS

vendor:linksysmodel:wag54g2scope:eqversion:1.00.10

Trust: 1.0

vendor:linksysmodel:wireless-g adsl2+ gateway wag54g2scope:eqversion:1.0.10

Trust: 0.9

vendor:cisco linksysmodel:wag54g2scope:eqversion:1.00.10

Trust: 0.8

sources: CNVD: CNVD-2009-2805 // BID: 35142 // JVNDB: JVNDB-2009-006631 // NVD: CVE-2009-5157

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-5157
value: HIGH

Trust: 1.0

NVD: CVE-2009-5157
value: HIGH

Trust: 0.8

CNVD: CNVD-2009-2805
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201906-404
value: HIGH

Trust: 0.6

VULHUB: VHN-42603
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-5157
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2009-2805
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-42603
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2009-5157
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2009-2805 // VULHUB: VHN-42603 // JVNDB: JVNDB-2009-006631 // CNNVD: CNNVD-201906-404 // NVD: CVE-2009-5157

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.9

sources: VULHUB: VHN-42603 // JVNDB: JVNDB-2009-006631 // NVD: CVE-2009-5157

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-404

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201906-404

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2009-006631

PATCH
title:Top Pageurl:https://www.linksys.com/us/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2009-006631

EXTERNAL IDS
db:BIDid:35142
Trust: 2.6
db:NVDid:CVE-2009-5157
Trust: 2.5
db:JVNDBid:JVNDB-2009-006631
Trust: 0.8
db:EXPLOIT-DBid:8833
Trust: 0.6
db:CNVDid:CNVD-2009-2805
Trust: 0.6
db:CNNVDid:CNNVD-201906-404
Trust: 0.6
db:VULHUBid:VHN-42603
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2009-2805 // 
            
            
            
            VULHUB: VHN-42603 // 
            
            
            
            BID: 35142 // 
            
            
            
            JVNDB: JVNDB-2009-006631 // 
            
            
            
            CNNVD: CNNVD-201906-404 // 
            
            
            
            NVD: CVE-2009-5157

REFERENCES
url:https://www.securityfocus.com/archive/1/503934
Trust: 2.5
url:https://www.securityfocus.com/bid/35142
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2009-5157
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-5157
Trust: 0.8
url:http://milw0rm.com/exploits/8833
Trust: 0.6
url:http://www.linksysbycisco.com/anz/en/products/wag54g2
Trust: 0.3
url:/archive/1/503934
Trust: 0.3
url:http://www.securitum.pl/dh/linksys_wag54g2_-_escape_to_os_root
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2009-2805 // 
            
            
            
            VULHUB: VHN-42603 // 
            
            
            
            BID: 35142 // 
            
            
            
            JVNDB: JVNDB-2009-006631 // 
            
            
            
            CNNVD: CNNVD-201906-404 // 
            
            
            
            NVD: CVE-2009-5157

CREDITS
Michal Sajdak
Trust: 0.3
sources:
            
            
            BID: 35142

SOURCES
db:CNVDid:CNVD-2009-2805
db:VULHUBid:VHN-42603
db:BIDid:35142
db:JVNDBid:JVNDB-2009-006631
db:CNNVDid:CNNVD-201906-404
db:NVDid:CVE-2009-5157

LAST UPDATE DATE
2024-08-14T15:18:03.233000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2009-2805date:2009-05-15T00:00:00
db:VULHUBid:VHN-42603date:2019-06-17T00:00:00
db:BIDid:35142date:2009-06-01T16:29:00
db:JVNDBid:JVNDB-2009-006631date:2019-06-21T00:00:00
db:CNNVDid:CNNVD-201906-404date:2019-06-18T00:00:00
db:NVDid:CVE-2009-5157date:2019-06-17T13:26:47.327

SOURCES RELEASE DATE
db:CNVDid:CNVD-2009-2805date:2009-05-15T00:00:00
db:VULHUBid:VHN-42603date:2019-06-11T00:00:00
db:BIDid:35142date:2009-05-15T00:00:00
db:JVNDBid:JVNDB-2009-006631date:2019-06-21T00:00:00
db:CNNVDid:CNNVD-201906-404date:2019-06-11T00:00:00
db:NVDid:CVE-2009-5157date:2019-06-11T21:29:00.287