Linksys WRT54G Vulnerabilities
From SANS: Multiple Linksys WRT54G Vulnerabilities, published: 2005-09-14
iDefense has released five vulnerabilities against the Linksys WRT54G wireless access point/switch/router. Some of these vulnerabilities are very serious. Users of these products are highly recommended to patch their devices. Patches for the latest versions are available at http://www.linksys.com.
This is one of the most popular and widely modified wireless routers out there. If you have one that’s exposed to the public, time to patch it.
Here are the capsule descriptions; these look like fun:
- Remote exploitation of a design error in the upgrade.cgi component of Cisco Systems Inc.’s Linksys WRT54G wireless router may allow unauthenticated modification of the router firmware.
- Remote exploitation of a design error in multiple versions of the firmware for Cisco Systems Inc.’s Linksys WRT54G wireless router may allow unauthenticated modification of the router configuration.
- Remote exploitation of an input validation error within the web management httpd component of Cisco Systems Inc.’s Linksys WRT54G wireless router may allow unauthenticated users to cause a denial of service (DoS).
- Remote exploitation of a buffer overflow vulnerability in multiple versions of the firmware for Cisco Systems Inc.’s Linksys WRT54G wireless router may allow unauthenticated execution of arbitrary commands as the root user.
- Remote exploitation of a design error in the ‘restore.cgi’ component of Cisco Systems Inc.’s Linksys WRT54G wireless router may allow unauthenticated modification of the router configuration.