Lucene search

MitreCVE-2005-2916

HistorySep 14, 2005 - 9:03 p.m.

CVE-2005-2916

2005-09-1421:03:00

mitre

web.nvd.nist.gov

cve

linksys wrt54g

firmware upload

configuration modification

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

7.2

Confidence

Low

EPSS

0.002

Percentile

64.7%

JSON

Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi.

Affected configurations

Nvd

Node

linksyswrt54gMatch3.01.3

linksyswrt54gMatch3.03.6

linksyswrt54gMatch4.00.7

VendorProductVersionCPE
linksyswrt54g3.01.3cpe:2.3:h:linksys:wrt54g:3.01.3:*:*:*:*:*:*:*
linksyswrt54g3.03.6cpe:2.3:h:linksys:wrt54g:3.03.6:*:*:*:*:*:*:*
linksyswrt54g4.00.7cpe:2.3:h:linksys:wrt54g:4.00.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linksys	wrt54g	3.01.3	cpe:2.3:h:linksys:wrt54g:3.01.3:::::::*
linksys	wrt54g	3.03.6	cpe:2.3:h:linksys:wrt54g:3.03.6:::::::*
linksys	wrt54g	4.00.7	cpe:2.3:h:linksys:wrt54g:4.00.7:::::::*

References

www.idefense.com/application/poi/display?id=306&type=vulnerabilities

www.idefense.com/application/poi/display?id=307&type=vulnerabilities

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

7.2

Confidence

Low

EPSS

0.002

Percentile

64.7%

JSON

Related for CVE-2005-2916