3.03.6

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

linksys

nessus

exploit available

metasploit

NVD

Published: 2005-09-15

Updated: 2024-11-21

Summary

Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request.

Vulnerable Configurations

Part	Description	Count
Hardware	Linksys Linksys Wrt54G 3.01.3 Linksys Wrt54G 3.03.6	2

Exploit-Db

description	Linksys WRT54G < 4.20.7 , WRT54GS < 1.05.2 apply.cgi Buffer Overflow. CVE-2005-2799. Remote exploit for cgi platform
id	EDB-ID:10028
last seen	2016-02-01
modified	2005-09-13
published	2005-09-13
reporter	Raphael Rigo
source	https://www.exploit-db.com/download/10028/
title	Linksys WRT54G < 4.20.7 / WRT54GS < 1.05.2 - apply.cgi Buffer Overflow

description	Linksys WRT54 Access Point apply.cgi Buffer Overflow. CVE-2005-2799. Remote exploit for hardware platform
id	EDB-ID:16854
last seen	2016-02-02
modified	2010-09-24
published	2010-09-24
reporter	metasploit
source	https://www.exploit-db.com/download/16854/
title	Linksys WRT54 Access Point apply.cgi Buffer Overflow

Metasploit

description	This module exploits a stack buffer overflow in apply.cgi on the Linksys WRT54G and WRT54GS routers. According to iDefense who discovered this vulnerability, all WRT54G versions prior to 4.20.7 and all WRT54GS version prior to 1.05.2 may be affected.
id	MSF:EXPLOIT/LINUX/HTTP/LINKSYS_APPLY_CGI
last seen	2020-03-11
modified	2017-08-29
published	2008-09-15
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2799 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=305
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/http/linksys_apply_cgi.rb
title	Linksys WRT54 Access Point apply.cgi Buffer Overflow

description	Some Linksys Routers are vulnerable to an authenticated OS command injection in the Web Interface. Default credentials are admin/admin or admin/password. Since it is a blind os command injection vulnerability, there is no output for the executed command when using the cmd generic payload. A ping command against a controlled system could be used for testing purposes. The user must be prudent when using this module since it modifies the router configuration while exploitation, even when it tries to restore previous values.
id	MSF:EXPLOIT/LINUX/HTTP/LINKSYS_WRT54GL_APPLY_EXEC
last seen	2020-04-24
modified	2018-07-12
published	2013-04-04
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2799 http://www.s3cur1ty.de/m1adv2013-001
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/http/linksys_wrt54gl_apply_exec.rb
title	Linksys WRT54GL apply.cgi Command Execution

Nessus

NASL family	CISCO
NASL id	LINKSYS_MULTIPLE_VULNS.NASL
description	The remote host appears to be a Linksys WRT54G Wireless Router. The firmware version installed on the remote host is prone to several flaws: - Execute arbitrary commands on the affected router with root privilages. (CVE-2005-2916) - Download and replace the configuration of affected routers via a special POST request to the
last seen	2020-06-01
modified	2020-06-02
plugin id	20096
published	2005-10-28
reporter	Copyright (C) 2005-2018 Josh Zlatin-Amishav
source	https://www.tenable.com/plugins/nessus/20096
title	Linksys Multiple Vulnerabilities (OF, DoS, more)

Packetstorm

data source	https://packetstormsecurity.com/files/download/82237/linksys_apply_cgi.rb.txt
id	PACKETSTORM:82237
last seen	2016-12-05
published	2009-10-27
reporter	Raphael Rigo
source	https://packetstormsecurity.com/files/82237/Linksys-apply.cgi-Buffer-Overflow.html
title	Linksys apply.cgi Buffer Overflow

Summary

Vulnerable Configurations

Exploit-Db

Metasploit

Nessus

Packetstorm

References