|
|
Family: Gain root remotely --> Category: denial
Linksys multiple remote vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for DOS in apply.cgi
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote router is affected by multiple flaws.
Description :
The remote host appears to be a Linksys WRT54G Wireless Router.
The firmware version installed on the remote host is prone to several
flaws,
- Execute arbitrary commands on the affected router with root privilages.
- Download and replace the configuration of affected routers via a special
POST request to the 'restore.cgi' or 'upgrade.cgi' scripts.
- Allow remote attackers to obtain encrypted configuration information and,
if the key is known, modify the configuration.
- Degrade the performance of affected devices and cause the Web server
to become unresponsive, potentially denying service to legitimate users.
See also :
http://www.idefense.com/application/poi/display?id=304&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=305&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=306&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=307&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=308&type=vulnerabilities
Solution :
Upgrade to firmware version 4.20.7 or later.
Threat Level:
Critical / CVSS Base Score : 10
(AV:R/AC:L/Au:NR/C:C/A:C/I:C/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
