Details of VAR-200312-0518

ID

VAR-200312-0518

TITLE

Linksys WRT54G Router Empty HTTP GET Request Remote Denial of Service Attack Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2003-3527

DESCRIPTION

The Linksys WRT54G Router is a router device. The Linksys WRT54G Router is not properly handling some of the GET requests, and the remote attacker can exploit this vulnerability to restart the router. Sending an empty GET request to the router embedded in port 80 of the WEB system listening will cause the router to be restarted, causing a denial of service attack. It has been reported that when the affected appliance handles a request of this type the embedded web server will halt, requiring the appliance to be power cycled in order to regain normal functionality

Trust: 0.81

sources: CNVD: CNVD-2003-3527 // BID: 9152

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2003-3527

AFFECTED PRODUCTS

vendor:	no	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	linksys	model:	wrt54g	scope:	eq	version:	v2.02.00.8	Trust: 0.3
vendor:	linksys	model:	wpc300n wireless-n notebook adapter	scope:	eq	version:	-4.100.15.5	Trust: 0.3

sources: CNVD: CNVD-2003-3527 // BID: 9152

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2003-3527
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2003-3527
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2003-3527

THREAT TYPE

network

Trust: 0.3

sources: BID: 9152

TYPE

Failure to Handle Exceptional Conditions

Trust: 0.3

sources: BID: 9152

EXTERNAL IDS

db:	BID	id:	9152	Trust: 0.9
db:	CNVD	id:	CNVD-2003-3527	Trust: 0.6

sources: CNVD: CNVD-2003-3527 // BID: 9152

REFERENCES

url:	http://marc.theaimsgroup.com/?l=bugtraq&m=107049411717616&w=2	Trust: 0.6
url:	http://www.linksys.com/products/product.asp?prid=508&scid=35	Trust: 0.3
url:	/archive/1/346399	Trust: 0.3

sources: CNVD: CNVD-2003-3527 // BID: 9152

CREDITS

Discovery of this vulnerability has been credited to carbon@techcentric.net.

Trust: 0.3

sources: BID: 9152

SOURCES

db:	CNVD	id:	CNVD-2003-3527
db:	BID	id:	9152

LAST UPDATE DATE

2022-05-17T01:47:37.712000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2003-3527	date:	2014-01-24T00:00:00
db:	BID	id:	9152	date:	2003-12-03T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2003-3527	date:	2003-12-03T00:00:00
db:	BID	id:	9152	date:	2003-12-03T00:00:00