ID

VAR-200905-0193


CVE

CVE-2009-1561


TITLE

Cross-site request forgery vulnerability in administration.cgi on the Cisco Linksys WRT54GC router

Trust: 0.8

sources: JVNDB: JVNDB-2009-003395

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in administration.cgi on the Cisco Linksys WRT54GC router with firmware 1.05.7 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that change the administrator password via the sysPasswd and sysConfirmPasswd parameters.

The Linksys WRT54GC router is prone to an access-validation vulnerability because of a lack of authentication when users access specific administration applications. Successful attacks will lead to a compromise of the vulnerable device, which may lead to further attacks. Linksys WRT54GC running firmware 1.05.7 is vulnerable; other versions may also be affected.

Cisco Linksys WRT54GC is a small business/home wireless broadband router produced by Cisco.

TITLE: Linksys WRT54GC "administration.cgi" Security Bypass Vulnerability
SECUNIA ADVISORY ID: SA34805
VERIFY ADVISORY: http://secunia.com/advisories/34805/

DESCRIPTION: Gabriel Lima has reported a vulnerability in Linksys WRT54GC, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to the router allowing unrestricted access to the administration.cgi web interface script. This can be exploited to change the administrator's password by sending a specially crafted HTTP request to the affected script.

SOLUTION: Restrict internal network access to trusted users only.
PROVIDED AND/OR DISCOVERED BY: Gabriel Lima
ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2009-04/0198.html

Trust: 2.16

sources: NVD: CVE-2009-1561 // JVNDB: JVNDB-2009-003395 // BID: 34616 // VULHUB: VHN-39007 // VULMON: CVE-2009-1561 // PACKETSTORM: 76991

AFFECTED PRODUCTS

vendor: cisco, model: wrt54gc, scope: eq, version: 1.05.7

Trust: 1.6

vendor: cisco, model: linksys wrt54gc, scope: eq, version: 1.05.7

Trust: 0.8

vendor: linksys, model: wrt54gc, scope: eq, version: 1.5.7

Trust: 0.3

sources: BID: 34616 // JVNDB: JVNDB-2009-003395 // CNNVD: CNNVD-200905-075 // NVD: CVE-2009-1561

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-1561
value: MEDIUM

Trust: 1.0

NVD: CVE-2009-1561
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200905-075
value: MEDIUM

Trust: 0.6

VULHUB: VHN-39007
value: MEDIUM

Trust: 0.1

VULMON: CVE-2009-1561
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2009-1561
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-39007
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-39007 // VULMON: CVE-2009-1561 // JVNDB: JVNDB-2009-003395 // CNNVD: CNNVD-200905-075 // NVD: CVE-2009-1561

PROBLEMTYPE DATA

problemtype: CWE-352

Trust: 1.9

sources: VULHUB: VHN-39007 // JVNDB: JVNDB-2009-003395 // NVD: CVE-2009-1561

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200905-075

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-200905-075

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-003395

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-39007 // VULMON: CVE-2009-1561

PATCH

title: Top Page, url: https://www.cisco.com/

Trust: 0.8

sources: JVNDB: JVNDB-2009-003395

EXTERNAL IDS

db: NVD, id: CVE-2009-1561

Trust: 2.6

db: BID, id: 34616

Trust: 2.1

db: SECUNIA, id: 34805

Trust: 1.9

db: VUPEN, id: ADV-2009-1172

Trust: 1.8

db: JVNDB, id: JVNDB-2009-003395

Trust: 0.8

db: BUGTRAQ, id: 20090418 LINKSYS WRT54GC - ADMIN PASSWORD CHANGE (POC)

Trust: 0.6

db: CNNVD, id: CNNVD-200905-075

Trust: 0.6

db: EXPLOIT-DB, id: 32931

Trust: 0.2

db: VULHUB, id: VHN-39007

Trust: 0.1

db: VULMON, id: CVE-2009-1561

Trust: 0.1

db: PACKETSTORM, id: 76991

Trust: 0.1

sources: VULHUB: VHN-39007 // VULMON: CVE-2009-1561 // BID: 34616 // JVNDB: JVNDB-2009-003395 // PACKETSTORM: 76991 // CNNVD: CNNVD-200905-075 // NVD: CVE-2009-1561

REFERENCES

url:http://archives.neohapsis.com/archives/bugtraq/2009-04/0198.html

Trust: 1.9

url:http://www.securityfocus.com/bid/34616

Trust: 1.8

url:http://packetstormsecurity.org/0904-exploits/linksysadmin-passwd.txt

Trust: 1.8

url:http://www.falandodeseguranca.com/?p=17

Trust: 1.8

url:http://secunia.com/advisories/34805

Trust: 1.8

url:http://www.vupen.com/english/advisories/2009/1172

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1561

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1561

Trust: 0.8

url:http://www.linksys.com/

Trust: 0.3

url:/archive/1/502800

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/352.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.exploit-db.com/exploits/32931/

Trust: 0.1

url:http://secunia.com/advisories/try_vi/request_2008_report/

Trust: 0.1

url:http://secunia.com/advisories/34805/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-39007 // VULMON: CVE-2009-1561 // BID: 34616 // JVNDB: JVNDB-2009-003395 // PACKETSTORM: 76991 // CNNVD: CNNVD-200905-075 // NVD: CVE-2009-1561

CREDITS

Gabriel Lima

Trust: 0.3

sources: BID: 34616

SOURCES

db: VULHUB, id: VHN-39007
db: VULMON, id: CVE-2009-1561
db: BID, id: 34616
db: JVNDB, id: JVNDB-2009-003395
db: PACKETSTORM, id: 76991
db: CNNVD, id: CNNVD-200905-075
db: NVD, id: CVE-2009-1561

LAST UPDATE DATE

2025-04-10T23:17:54.112000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-39007, date: 2009-05-07T00:00:00
db: VULMON, id: CVE-2009-1561, date: 2009-05-07T00:00:00
db: BID, id: 34616, date: 2009-04-21T22:36:00
db: JVNDB, id: JVNDB-2009-003395, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200905-075, date: 2009-05-07T00:00:00
db: NVD, id: CVE-2009-1561, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-39007, date: 2009-05-06T00:00:00
db: VULMON, id: CVE-2009-1561, date: 2009-05-06T00:00:00
db: BID, id: 34616, date: 2009-04-20T00:00:00
db: JVNDB, id: JVNDB-2009-003395, date: 2012-06-26T00:00:00
db: PACKETSTORM, id: 76991, date: 2009-04-27T15:17:43
db: CNNVD, id: CNNVD-200905-075, date: 2009-05-06T00:00:00
db: NVD, id: CVE-2009-1561, date: 2009-05-06T16:30:00.703