Vulnerabilities > CVE-2006-5202 - Authentication Bypass vulnerability in Linksys Wrt54G 1.00.9

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
linksys
exploit available

Summary

Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout parameters, a different issue than CVE-2006-2559.

Vulnerable Configurations

Part Description Count
Hardware
Linksys
1

Exploit-Db

descriptionLinksys WRT54G (firmware 1.00.9) Security Bypass Vulnerabilities (2). CVE-2006-5202. Remote exploit for hardware platform
fileexploits/hardware/remote/5926.txt
idEDB-ID:5926
last seen2016-01-31
modified2008-06-24
platformhardware
port
published2008-06-24
reportermeathive
sourcehttps://www.exploit-db.com/download/5926/
titleLinksys WRT54G firmware 1.00.9 Security Bypass Vulnerabilities 2
typeremote

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/67644/linksys54g-bypass.txt
idPACKETSTORM:67644
last seen2016-12-05
published2008-06-24
reportermeathive
sourcehttps://packetstormsecurity.com/files/67644/linksys54g-bypass.txt.html
titlelinksys54g-bypass.txt