Lucene search
HistorySep 14, 2005 - 9:03 p.m.
CVE-2005-2916
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
7.1
Confidence
Low
EPSS
0.002
Percentile
64.7%
Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi.
Affected configurations
Node
linksyswrt54gMatch3.01.3
ORlinksyswrt54gMatch3.03.6
ORlinksyswrt54gMatch4.00.7
Related
cvelist
cvelist
CVE-2005-2916
2005-09-14 04:00:00
cve
cve
CVE-2005-2916
2005-09-14 21:03:00
openvas
openvas
Linksys multiple remote vulnerabilities
2006-03-26 00:00:00
nessus
nessus
Linksys Multiple Vulnerabilities (OF, DoS, more)
2005-10-28 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
7.1
Confidence
Low
EPSS
0.002
Percentile
64.7%
Related for NVD:CVE-2005-2916