cbcvebase.
CVE-2009-1558
published 2009-05-06

CVE-2009-1558: Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers…

PriorityP271high7.8CVSS 2.0
AVNACLAuNCCINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
28.81%
97.9th percentile
Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.

Affected

2 ranges
VendorProductVersion rangeFixed in
ciscowvc54gca
ciscowvc54gca

Detection & IOCsextracted from sources · hover to see the quote

path/adm/file.cgi
url/adm/file.cgi?next_file=%2fetc%2fpasswd
url/adm/file.cgi?next_file=%2fetc/passwd
url/adm/file.cgi?next_file=%2e.%2f%2e.%2f%2e.%2f%2e.%2fetc%2fpasswd
url/adm/file.cgi?todo=pwnage&this_file=/etc/passwd
yara
rule CVE_2009_1558_LFI { strings: $path = "/adm/file.cgi" $param1 = "next_file=" $traversal1 = "%2e." nocase $traversal2 = "%2fetc%2fpasswd" nocase condition: $path and $param1 and ($traversal1 or $traversal2) }
  • Look for HTTP GET requests to /adm/file.cgi with a 'next_file' parameter containing encoded traversal sequences such as '%2e.' (encoded dot) or absolute paths like '%2fetc%2fpasswd'.
  • Successful exploitation returns /etc/passwd content; match HTTP 200 responses to /adm/file.cgi requests containing the regex 'root:.*:0:0:' to confirm file read.
  • Also monitor for the 'this_file' parameter in requests to /adm/file.cgi as an alternative exploitation vector (e.g., ?todo=pwnage&this_file=/etc/passwd).
  • ·Vulnerability is confirmed only on Cisco Linksys WVC54GCA firmware versions 1.00R22 and 1.00R24; other versions may also be vulnerable but are unconfirmed.
  • ·The vulnerability requires no authentication (Au:N) and is remotely exploitable over the network (AV:N/AC:L), meaning any unauthenticated remote attacker can trigger it.

CVSS provenance

nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:C/I:N/A:N
vulncheck7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.