Vulnerabilities > CVE-2006-5202 - Authentication Bypass vulnerability in Linksys Wrt54G 1.00.9
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout parameters, a different issue than CVE-2006-2559.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Hardware | 1 |
Exploit-Db
description | Linksys WRT54G (firmware 1.00.9) Security Bypass Vulnerabilities (2). CVE-2006-5202. Remote exploit for hardware platform |
file | exploits/hardware/remote/5926.txt |
id | EDB-ID:5926 |
last seen | 2016-01-31 |
modified | 2008-06-24 |
platform | hardware |
port | |
published | 2008-06-24 |
reporter | meathive |
source | https://www.exploit-db.com/download/5926/ |
title | Linksys WRT54G firmware 1.00.9 Security Bypass Vulnerabilities 2 |
type | remote |
Packetstorm
data source | https://packetstormsecurity.com/files/download/67644/linksys54g-bypass.txt |
id | PACKETSTORM:67644 |
last seen | 2016-12-05 |
published | 2008-06-24 |
reporter | meathive |
source | https://packetstormsecurity.com/files/67644/linksys54g-bypass.txt.html |
title | linksys54g-bypass.txt |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048495.html
- http://secunia.com/advisories/21372
- http://securitytracker.com/id?1016638
- http://www.kb.cert.org/vuls/id/930364
- http://www.securityfocus.com/bid/19347
- https://kinqpinz.info/lib/wrt54g/
- https://kinqpinz.info/lib/wrt54g/own2.txt
- https://www.exploit-db.com/exploits/5926