ID

VAR-200412-0788


CVE

CVE-2004-2606


TITLE

Linksys WRT54G Router Global Access Management Service Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2004-1560 // CNNVD: CNNVD-200412-618

DESCRIPTION

The web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to log in to an administration web page, even when the configuration specifies that remote administration is disabled. The Linksys WRT54G is a router device. Even when the management function is turned off, the WRT54G still serves its management web pages on ports 80 and 443 of the WAN interface. As a result, an attacker can access the management interface. In combination with other vulnerabilities, an attacker may gain control of the router. A weakness is reported to affect the Linksys WRT54G appliance.

Trust: 1.8

sources: NVD: CVE-2004-2606 // CNVD: CNVD-2004-1560 // BID: 10441 // VULHUB: VHN-11034

AFFECTED PRODUCTS

vendor: linksys, model: wrt54g, scope: eq, version: 2.02.7

Trust: 1.6

vendor: linksys, model: befsr41 v3, scope: eq, version: *

Trust: 1.0

vendor: none, model: -, scope: -, version: -

Trust: 0.6

vendor: linksys, model: befsr41 v3, scope: -, version: -

Trust: 0.6

vendor: sveasoft, model: samadhi2 .6sv, scope: eq, version: 2.0.8

Trust: 0.3

vendor: linksys, model: wrt54g, scope: eq, version: v2.02.00.8

Trust: 0.3

vendor: linksys, model: wpc300n wireless-n notebook adapter, scope: eq, version: -4.100.15.5

Trust: 0.3

vendor: linksys, model: wrt54g beta, scope: ne, version: v2.02.02.8

Trust: 0.3

sources: CNVD: CNVD-2004-1560 // BID: 10441 // CNNVD: CNNVD-200412-618 // NVD: CVE-2004-2606

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-2606
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200412-618
value: HIGH

Trust: 0.6

VULHUB: VHN-11034
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2004-2606
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-11034
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-11034 // CNNVD: CNNVD-200412-618 // NVD: CVE-2004-2606

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-2606

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-618

TYPE

Design Error

Trust: 0.9

sources: BID: 10441 // CNNVD: CNNVD-200412-618

EXTERNAL IDS

db: NVD, id: CVE-2004-2606

Trust: 2.3

db: BID, id: 10441

Trust: 2.0

db: OSVDB, id: 6577

Trust: 1.7

db: SECUNIA, id: 11754

Trust: 1.7

db: CNNVD, id: CNNVD-200412-618

Trust: 0.7

db: CNVD, id: CNVD-2004-1560

Trust: 0.6

db: BUGTRAQ, id: 20040604 THE LINKSYS WRT54G "SECURITY PROBLEM" DOESN'T EXIST

Trust: 0.6

db: BUGTRAQ, id: 20040604 RE: THE LINKSYS WRT54G "SECURITY PROBLEM" DOESN'T EXIST

Trust: 0.6

db: BUGTRAQ, id: 20040601 RE: LINKSYS WRT54G ADMINISTRATION PAGE AVAILBLE TO WAN

Trust: 0.6

db: BUGTRAQ, id: 20040602 RE: THE LINKSYS WRT54G "SECURITY PROBLEM" DOESN'T EXIST

Trust: 0.6

db: BUGTRAQ, id: 20040602 ADDITIONAL INFORMATION ON WRT54G ADMINISTRATION PAGE

Trust: 0.6

db: BUGTRAQ, id: 20040531 LINKSYS WRT54G ADMINISTRATION PAGE AVAILBLE TO WAN

Trust: 0.6

db: NSFOCUS, id: 6513

Trust: 0.6

db: XF, id: 16274

Trust: 0.6

db: VULHUB, id: VHN-11034

Trust: 0.1

sources: CNVD: CNVD-2004-1560 // VULHUB: VHN-11034 // BID: 10441 // CNNVD: CNNVD-200412-618 // NVD: CVE-2004-2606

REFERENCES

url:http://www.securityfocus.com/bid/10441

Trust: 1.7

url:http://archives.neohapsis.com/archives/bugtraq/2004-05/0316.html

Trust: 1.7

url:http://archives.neohapsis.com/archives/bugtraq/2004-06/0002.html

Trust: 1.7

url:http://archives.neohapsis.com/archives/bugtraq/2004-06/0020.html

Trust: 1.7

url:http://archives.neohapsis.com/archives/bugtraq/2004-06/0190.html

Trust: 1.7

url:http://www.securityfocus.com/archive/1/365227/30/0/threaded

Trust: 1.7

url:http://www.securityfocus.com/archive/1/365175

Trust: 1.7

url:ftp://ftp.linksys.com/pub/network/wrt54g_2.02.8_us_code_beta.zip

Trust: 1.7

url:http://web.archive.org/web/20040823075750/http://www.linksys.com/download/firmware.asp?fwid=201

Trust: 1.7

url:http://www.nwfusion.com/news/2004/0607confuse.html

Trust: 1.7

url:http://www.osvdb.org/6577

Trust: 1.7

url:http://secunia.com/advisories/11754

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/16274

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/16274

Trust: 0.6

url:http://www.nsfocus.net/vulndb/6513

Trust: 0.6

url:http://www.linksys.com/download/firmware.asp?fwid=201

Trust: 0.3

url:http://www.sveasoft.com/modules/phpbb2/index.php

Trust: 0.3

url:http://www.linksys.com/products/product.asp?prid=508&scid=35

Trust: 0.3

url:/archive/1/364977

Trust: 0.3

url:/archive/1/364729

Trust: 0.3

url:/archive/1/365175

Trust: 0.3

sources: VULHUB: VHN-11034 // BID: 10441 // CNNVD: CNNVD-200412-618 // NVD: CVE-2004-2606

CREDITS

Alan W. Rateliff, II (lists@rateliff.net)

Trust: 0.6

sources: CNNVD: CNNVD-200412-618

SOURCES

db: CNVD, id: CNVD-2004-1560
db: VULHUB, id: VHN-11034
db: BID, id: 10441
db: CNNVD, id: CNNVD-200412-618
db: NVD, id: CVE-2004-2606

LAST UPDATE DATE

2024-08-14T15:45:43.744000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2004-1560, date: 2004-05-31T00:00:00
db: VULHUB, id: VHN-11034, date: 2017-07-11T00:00:00
db: BID, id: 10441, date: 2004-05-31T00:00:00
db: CNNVD, id: CNNVD-200412-618, date: 2006-01-23T00:00:00
db: NVD, id: CVE-2004-2606, date: 2017-07-11T01:32:03

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2004-1560, date: 2004-05-31T00:00:00
db: VULHUB, id: VHN-11034, date: 2004-12-31T00:00:00
db: BID, id: 10441, date: 2004-05-31T00:00:00
db: CNNVD, id: CNNVD-200412-618, date: 2004-05-31T00:00:00
db: NVD, id: CVE-2004-2606, date: 2004-12-31T05:00:00