Vulnerabilities > CVE-2005-2916 - Unspecified vulnerability in Linksys Wrt54G 3.01.3/3.03.6/4.00.7
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN linksys
nessus
Summary
Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Hardware | 3 |
Nessus
| NASL family | CISCO |
| NASL id | LINKSYS_MULTIPLE_VULNS.NASL |
| description | The remote host appears to be a Linksys WRT54G Wireless Router. The firmware version installed on the remote host is prone to several flaws: - Execute arbitrary commands on the affected router with root privilages. (CVE-2005-2916) - Download and replace the configuration of affected routers via a special POST request to the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 20096 |
| published | 2005-10-28 |
| reporter | Copyright (C) 2005-2018 Josh Zlatin-Amishav |
| source | https://www.tenable.com/plugins/nessus/20096 |
| title | Linksys Multiple Vulnerabilities (OF, DoS, more) |
References
- http://www.idefense.com/application/poi/display?id=306&type=vulnerabilities
- http://www.idefense.com/application/poi/display?id=306&type=vulnerabilities
- http://www.idefense.com/application/poi/display?id=307&type=vulnerabilities
- http://www.idefense.com/application/poi/display?id=307&type=vulnerabilities