3.03.6

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

linksys

nessus

NVD

Published: 2005-09-14

Updated: 2008-09-05

Summary

ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, does not use an authentication initialization function, which allows remote attackers to obtain encrypted configuration information and, if the key is known, modify the configuration.

Vulnerable Configurations

Part	Description	Count
Hardware	Linksys Linksys Wrt54G 2.04.4 Linksys Wrt54G 3.01.3 Linksys Wrt54G 3.03.6	3

Nessus

NASL family	CISCO
NASL id	LINKSYS_MULTIPLE_VULNS.NASL
description	The remote host appears to be a Linksys WRT54G Wireless Router. The firmware version installed on the remote host is prone to several flaws: - Execute arbitrary commands on the affected router with root privilages. (CVE-2005-2916) - Download and replace the configuration of affected routers via a special POST request to the
last seen	2020-06-01
modified	2020-06-02
plugin id	20096
published	2005-10-28
reporter	Copyright (C) 2005-2018 Josh Zlatin-Amishav
source	https://www.tenable.com/plugins/nessus/20096
title	Linksys Multiple Vulnerabilities (OF, DoS, more)

References

http://www.idefense.com/application/poi/display?id=304&type=vulnerabilities