Vulnerabilities > CVE-2005-2916 - Remote Security vulnerability in Linksys Wrt54G 3.01.3/3.03.6/4.00.7
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Hardware | 3 |
Nessus
| NASL family | CISCO |
| NASL id | LINKSYS_MULTIPLE_VULNS.NASL |
| description | The remote host appears to be a Linksys WRT54G Wireless Router. The firmware version installed on the remote host is prone to several flaws: - Execute arbitrary commands on the affected router with root privilages. (CVE-2005-2916) - Download and replace the configuration of affected routers via a special POST request to the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 20096 |
| published | 2005-10-28 |
| reporter | Copyright (C) 2005-2018 Josh Zlatin-Amishav |
| source | https://www.tenable.com/plugins/nessus/20096 |
| title | Linksys Multiple Vulnerabilities (OF, DoS, more) |