Published: 06/05/2009 Updated: 07/05/2009

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-site request forgery (CSRF) vulnerability in administration.cgi on the Cisco Linksys WRT54GC router with firmware 1.05.7 allows remote malicious users to hijack the intranet connectivity of arbitrary users for requests that change the administrator password via the sysPasswd and sysConfirmPasswd parameters.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco wrt54gc 1.05.7

source: wwwsecurityfocuscom/bid/34616/info The Linksys WRT54GC router is prone to an access-validation vulnerability because of a lack of authentication when users access specific administration applications Successful attacks will lead to a compromise of the vulnerable device, which may lead to further attacks Linksys WRT54GC running ...

CWE-352 http://www.falandodeseguranca.com/?p=17 http://www.vupen.com/english/advisories/2009/1172 http://www.securityfocus.com/bid/34616 http://archives.neohapsis.com/archives/bugtraq/2009-04/0198.html http://secunia.com/advisories/34805 http://packetstormsecurity.org/0904-exploits/linksysadmin-passwd.txt https://nvd.nist.gov https://www.exploit-db.com/exploits/32931/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-1561

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect