cbcvebase.

Cisco Wvc54Gca vulnerabilities

5 known vulnerabilities affecting cisco/wvc54gca.

Total CVEs
5
CISA KEV
0
Public exploits
2
Exploited in wild
1
Severity breakdown
HIGH2MEDIUM2LOW1

Vulnerabilities

Page 1 of 1
CVE-2009-1558P2HIGHCVSS 7.8ExploitedPoCv1.00r22v1.00r242009-05-06
CVE-2009-1558 [HIGH] CWE-22 CVE-2009-1558: Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camer Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.
nvd
CVE-2009-1557P4MEDIUMCVSS 4.3PoCv1.00r22v1.00r242009-05-06
CVE-2009-1557 [MEDIUM] CWE-79 CVE-2009-1557: Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WVC54GCA wireless video cam Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allow remote attackers to inject arbitrary web script or HTML via the next_file parameter to (1) main.cgi, (2) img/main.cgi, or (3) adm/file.cgi; or (4) the this_file parameter to adm/file.cgi.
nvd
CVE-2009-1559P3HIGHCVSS 7.8v1.00r22v1.00r242009-05-06
CVE-2009-1559 [HIGH] CWE-22 CVE-2009-1559: Absolute path traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video c Absolute path traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R24 and possibly 1.00R22 allows remote attackers to read arbitrary files via an absolute pathname in the this_file parameter. NOTE: traversal via a .. (dot dot) is probably also possible.
nvd
CVE-2009-1555P4MEDIUMCVSS 5.0v1.00r22v1.00r242009-05-06
CVE-2009-1555 [MEDIUM] CVE-2009-1555: The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 sends configurati The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 sends configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by reading the SetupWizard.exe process memory, a related issue to CVE-2008-4390.
nvd
CVE-2009-1556P4LOWCVSS 3.5v1.00r22v1.00r242009-05-06
CVE-2009-1556 [LOW] CVE-2009-1556: img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 a img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote authenticated users to read arbitrary files in img/ via a filename in the next_file parameter, as demonstrated by reading .htpasswd to obtain the admin password, a different vulnerability than CVE-2004-2507.
nvd
Cisco Wvc54Gca vulnerabilities | cvebase