ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, does not use an authentication initialization function, which allows remote malicious users to obtain encrypted configuration information and, if the key is known, modify the configuration.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linksys wrt54g 3.01.3 |
||
linksys wrt54g 3.03.6 |
||
linksys wrt54g 2.04.4 |