CVE-2005-2916

Опубликовано: 14 сент. 2005

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi.

Ссылки

http://www.idefense.com/application/poi/display?id=306&type=vulnerabilities
Patch
Vendor Advisory
http://www.idefense.com/application/poi/display?id=307&type=vulnerabilities
Patch
Vendor Advisory
http://www.idefense.com/application/poi/display?id=306&type=vulnerabilities
Patch
Vendor Advisory
http://www.idefense.com/application/poi/display?id=307&type=vulnerabilities
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:h:linksys:wrt54g:3.01.3:*:*:*:*:*:*:*

cpe:2.3:h:linksys:wrt54g:3.03.6:*:*:*:*:*:*:*

cpe:2.3:h:linksys:wrt54g:4.00.7:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00476

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-hfxc-fp88-8x2r

github

почти 4 года назад