CVE-2005-2916

3 documents3 sources

Severity

5.0MEDIUM

EPSS

0.5%

top 35.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linksys Wrt54g

Timeline

PublishedSep 14

Latest updateMay 1

Description

Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDlinksys/wrt54g3.01.3, 3.03.6, 4.00.7+2

Patches

Patch: www.idefense.com ↗Patch: www.idefense.com ↗Patch: www.idefense.com ↗

🔴Vulnerability Details

GHSA

GHSA-hfxc-fp88-8x2r: Linksys WRT54G 3↗2022-05-01

▶

CVEList

CVE-2005-2916: Linksys WRT54G 3↗2005-09-14

▶