ID
VAR-E-200905-0934
TITLE
Linksys WAG54G2 Web Management Console Remote Arbitrary Shell Command Injection Vulnerability
Trust: 0.3
DESCRIPTION
Linksys WAG54G2 router is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.
Remote attackers can exploit this issue to execute arbitrary shell commands with superuser privileges. This may facilitate a complete compromise of the affected device.
Linksys WAG54G2 with firmware V1.00.10 is affected; other versions may also be vulnerable.
UPDATE (May 29, 2009): The reporter indicates that this issue may not be remotely exploitable if the administrator credentials have been changed from the default values.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | linksys | model: | wireless-g adsl2+ gateway wag54g2 | scope: | eq | version: | 1.0.10 | Trust: 0.3 |
EXPLOIT
To exploit these issues, attackers may use a browser or readily available network utilities.
The following proof of concept is available:
Bullet list:
<li><a href="/data/vulnerabilities/exploits/35142.txt">/data/vulnerabilities/exploits/35142.txt</a></li>
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
CREDITS
Michal Sajdak
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 35142 | Trust: 0.3 |
REFERENCES
| url: | http://www.linksysbycisco.com/anz/en/products/wag54g2 | Trust: 0.3 |
| url: | http://www.securitum.pl/dh/linksys_wag54g2_-_escape_to_os_root | Trust: 0.3 |
SOURCES
| db: | BID | id: | 35142 |
LAST UPDATE DATE
2022-07-27T09:55:07.318000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 35142 | date: | 2009-06-01T16:29:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 35142 | date: | 2009-05-15T00:00:00 |