Description
Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout parameters, a different issue than CVE-2006-2559.
Affected products
- linksys / WRT54G 1.00.9 – 1.00.9
References
- MISC: http://www.securityfocus.com/bid/19347
- MISC: https://kinqpinz.info/lib/wrt54g/
- MAILING_LIST: http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048495.html
- EXPLOIT: https://www.exploit-db.com/exploits/5926
- MISC: https://kinqpinz.info/lib/wrt54g/own2.txt
- MISC: http://www.kb.cert.org/vuls/id/930364
- VENDOR_ADVISORY: http://secunia.com/advisories/21372
- MISC: http://securitytracker.com/id?1016638