Vulnerabilities > Cisco > Wvc54Gca
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-05-06 | CVE-2009-1559 | Path Traversal vulnerability in Cisco Wvc54Gca 1.00R22/1.00R24 Absolute path traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R24 and possibly 1.00R22 allows remote attackers to read arbitrary files via an absolute pathname in the this_file parameter. | 7.8 |
2009-05-06 | CVE-2009-1558 | Path Traversal vulnerability in Cisco Wvc54Gca 1.00R22/1.00R24 Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. | 7.8 |
2009-05-06 | CVE-2009-1557 | Cross-Site Scripting vulnerability in Cisco Wvc54Gca 1.00R22/1.00R24 Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allow remote attackers to inject arbitrary web script or HTML via the next_file parameter to (1) main.cgi, (2) img/main.cgi, or (3) adm/file.cgi; or (4) the this_file parameter to adm/file.cgi. | 4.3 |
2009-05-06 | CVE-2009-1556 | Information Exposure vulnerability in Cisco Wvc54Gca 1.00R22/1.00R24 img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote authenticated users to read arbitrary files in img/ via a filename in the next_file parameter, as demonstrated by reading .htpasswd to obtain the admin password, a different vulnerability than CVE-2004-2507. | 3.5 |
2009-05-06 | CVE-2009-1555 | Information Exposure vulnerability in Cisco Wvc54Gca 1.00R22/1.00R24 The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 sends configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by reading the SetupWizard.exe process memory, a related issue to CVE-2008-4390. | 5.0 |