Linksys multiple remote vulnerabilities

Published: 2006-03-26 15:55:15
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Detection Type:
Remote Vulnerability

Solution Type:
Vendor Patch

Recommendations:
Upgrade to firmware version 4.20.7 or later.

Summary:
The remote host appears to be a Linksys WRT54G Wireless Router which is affected by multiple flaws.

Technical Details:
The firmware version installed on the remote host is prone to several flaws. An attacker could exploit them to:

- Execute arbitrary commands on the affected router with root privileges.
- Download and replace the configuration of affected routers via a special POST request to the 'restore.cgi' or 'upgrade.cgi' scripts.
- Obtain encrypted configuration information remotely and, if the key is known, modify the configuration.
- Degrade the performance of affected devices and cause the Web server to become unresponsive, potentially denying service to legitimate users.

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2005-2799
https://nvd.nist.gov/vuln/detail/CVE-2005-2914
https://nvd.nist.gov/vuln/detail/CVE-2005-2915
https://nvd.nist.gov/vuln/detail/CVE-2005-2916

SecurityFocus Bugtraq ID:

https://www.securityfocus.com/bid/14822

References:

http://www.idefense.com/application/poi/display?id=304&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=305&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=306&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=307&type=vulnerabilities

Severity:
High

CVSS Score:
7.5
