Vulnerabilities > CVE-2005-2915 - Remote Security vulnerability in Linksys Wrt54G 2.04.4Nondefault/3.01.3/3.03.6

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
linksys
nessus

Summary

ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, uses weak encryption (XOR encoding with a fixed byte mask) for configuration information, which could allow attackers to decrypt the information and possibly re-encrypt it in conjunction with CVE-2005-2914.

Vulnerable Configurations

Part Description Count
Hardware
Linksys
3

Nessus

NASL familyCISCO
NASL idLINKSYS_MULTIPLE_VULNS.NASL
descriptionThe remote host appears to be a Linksys WRT54G Wireless Router. The firmware version installed on the remote host is prone to several flaws: - Execute arbitrary commands on the affected router with root privilages. (CVE-2005-2916) - Download and replace the configuration of affected routers via a special POST request to the
last seen2020-06-01
modified2020-06-02
plugin id20096
published2005-10-28
reporterCopyright (C) 2005-2018 Josh Zlatin-Amishav
sourcehttps://www.tenable.com/plugins/nessus/20096
titleLinksys Multiple Vulnerabilities (OF, DoS, more)