linksys wrt54g Security Vulnerabilities

The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri. NOTE: the Security.tri vector is already covered by CVE-2006-5202.

Impacted versions: *

Base Score: 10.0, Severity: HIGH, ID: CVE-2008-1247, Last Modified: 2018-10-11T20:31:00Z

References

Modemly Security Checklist

The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI.

Impacted versions: *

Base Score: 4.0, Severity: MEDIUM, ID: CVE-2008-1263, Last Modified: 2018-10-11T20:31:00Z

References

Modemly Security Checklist

DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7, does not properly clear previously used buffer contents in a BOOTP reply packet, which allows remote attackers to obtain sensitive information.

Impacted versions: 2.00.8, 1.42.3

Base Score: 5.0, Severity: MEDIUM, ID: CVE-2004-0580, Last Modified: 2018-08-13T21:47:00Z

References

Modemly Security Checklist

Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout parameters, a different issue than CVE-2006-2559.

Impacted versions: 1.00.9

Base Score: 5.0, Severity: MEDIUM, ID: CVE-2006-5202, Last Modified: 2017-10-11T01:31:00Z

References

Modemly Security Checklist

Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic.

Impacted versions: 1.42.3, 3.01.3, 2.00.8, 2.02.7, 2.04.4_non_default, 2.04.4, 3.03.6, 4.00.7

Base Score: 7.5, Severity: HIGH, ID: CVE-2006-2559, Last Modified: 2017-07-20T01:31:00Z

References

Modemly Security Checklist

The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled.

Impacted versions: 2.02.7

Base Score: 7.5, Severity: HIGH, ID: CVE-2004-2606, Last Modified: 2017-07-11T01:32:00Z

References

Modemly Security Checklist

Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi.

Impacted versions: 4.00.7, 3.01.3, 3.03.6

Base Score: 5.0, Severity: MEDIUM, ID: CVE-2005-2916, Last Modified: 2008-09-05T20:52:00Z

References

Modemly Security Checklist

Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request.

Impacted versions: 3.03.6, 3.01.3

Base Score: 7.5, Severity: HIGH, ID: CVE-2005-2799, Last Modified: 2008-09-05T20:52:00Z

References

Modemly Security Checklist