CVE-2009-5157 - Command Injection vulnerability in Linksys Wag54G2 Firmware 1.00.10

Publication

2019-06-11

Last modification

2019-06-17

Summary

On Linksys WAG54G2 1.00.10 devices, there is authenticated command injection via shell metacharacters in the setup.cgi c4_ping_ipaddr variable.

Classification

CWE-77 - Command Injection

Risk level (CVSS AV:N/AC:L/Au:S/C:C/I:C/A:C)

High

9.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor Product Versions
Linksys Wag54G2 Firmware  1.00.10