Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-5202

4 documents4 sources

Severity

5.0MEDIUM

EPSS

28.7%

top 3.46%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Linksys Wrt54g

Timeline

PublishedOct 10

Latest updateMay 1

Description

Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout parameters, a different issue than CVE-2006-2559.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDlinksys/wrt54g1.00.9

🔴Vulnerability Details

GHSA

GHSA-h7w6-7xg8-ph53: Linksys WRT54g firmware 1↗2022-05-01

▶

CVEList

CVE-2006-5202: Linksys WRT54g firmware 1↗2006-10-09

▶

💥Exploits & PoCs

Exploit-DB

Linksys WRT54G Firmware 1.00.9 - Security Bypass (2)↗2008-06-24

▶