[Vulnerability]--Linksys

Science & Technology Information Technology, Gaming, Machines, Gadgets
1

Hurry up and fix your Linksys gear already before hackers start their work. Yes 5abi that means that you let people update…:slight_smile:

http://nvd.nist.gov/nvd.cfm?cvename=CAN-2005-2916

Original release date: 9/14/2005
Last revised: 9/15/2005
Source: US-CERT/NIST

Overview

Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi.

Impact

Severity: Medium
Range: Remotely exploitable
Impact Type: Allows unauthorized modification

References to Advisories, Solutions, and Tools

External Source: IDEFENSE (disclaimer)

Name: 20050913 Linksys WRT54G ‘upgrade.cgi’ Firmware Upload Design Error Vulnerability

Type: Advisory , Patch Information
Hyperlink: http://www.idefense.com/application/poi/display?id=307&type=vulnerabilities

External Source: IDEFENSE (disclaimer)

Name: 20050913 Linksys WRT54G ‘restore.cgi’ Configuration Modification Design Error Vulnerability

Type: Advisory , Patch Information
Hyperlink: http://www.idefense.com/application/poi/display?id=306&type=vulnerabilities

Vulnerable software and versions

Linksys, WRT54G, v3.01.03 (Firmware)

Linksys, WRT54G, v3.03.6 (Firmware)

Linksys, WRT54G, v4.00.7 (Firmware)

Technical Details

Vulnerability Type: Access Validation Error

CVE Standard Vulnerability Entry:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2916

2

Re: [Vulnerability]–Linksys

:bash: do tin dina baad post karna ciga yaar, hun kukkar kithoon labban ga

3

Re: [Vulnerability]--Linksys

thnaks. Missed this one

kabhi aap logoon ney alphabet 'i' keye neechey
4

Re: [Vulnerability]–Linksys

Better than updating with the Linksys firmware use the Sveasoft software found on this thread: http://www.paklinks.com/gs/showthread.php?t=183261&highlight=wrt54g

salamss frenz
5

Re: [Vulnerability]–Linksys

:smack: remote cheezain router par kholnay hee na dain.. disable EVERY port request from outside for THAT router.. SPECIALLY 80..

6

Re: [Vulnerability]--Linksys

I had a play with them while back and not what the typical home user needs. HyperWRT is also good linksys with a few addons or OpenWRT which is probabaly the best but you ave to compile and add modules on the router so rather time consuming. Maybe all of these are also open to the vunerabilaty.

aisa he tou hona hai