CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-8408 – Linksys WRT54G POST Parameter apply.cgi validate_services_port stack-based overflow
https://notcve.org/view.php?id=CVE-2024-8408
A vulnerability was found in Linksys WRT54G 4.21.5. It has been rated as critical. Affected by this issue is the function validate_services_port of the file /apply.cgi of the component POST Parameter Handler. The manipulation of the argument services_array leads to stack-based buffer overflow. The attack may be launched remotely. • https://github.com/BuaaIOTTeam/Iot_Linksys/blob/main/Linksys_WRT54G_validate_services_port.md https://vuldb.com/?ctiid.276488 https://vuldb.com/?id.276488 https://vuldb.com/?submit.398567 https://www.linksys.com • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2011-4499
https://notcve.org/view.php?id=CVE-2011-4499
The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. La implementación de IGD UPnP de la pila UPnP Broadcom de Cisco Linksys WRT54G con firmware anterior a 4.30.5, de WRT54GS v1 hasta la versión v3 con firmware anterior a 4.71.1 y Wde RT54GS v4 con firmware anterior a 1.06.1 permite a atacantes remotos establecer "mappings" a puertos arbitrarios enviando una acción UPnP AddPortMapping en una petición SOAP a un interfaz WAN. Relacionado con una vulnerabilidad de "direccionamiento externo" ("external forwarding"). • http://www.kb.cert.org/vuls/id/357851 http://www.upnp-hacks.org/devices.html • CWE-16: Configuration •
CVSS: 10.0EPSS: 12%CPEs: 1EXPL: 3CVE-2008-1247 – Linksys WRT54G Firmware 1.00.9 - Security Bypass
https://notcve.org/view.php?id=CVE-2008-1247
The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri. NOTE: the Security.tri vector is already covered by CVE-2006-5202. El interfaz web del Router Linksys WRT54g con firmware 1.00.9 no requiere credenciales al invocar secuencias de comandos. Esto, permite a atacantes remotos realizar acciones administrativas a través de peticiones directas a (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri. NOTA: El vector estSecurity.tri está tratado en CVE-2006-5202. • https://www.exploit-db.com/exploits/5313 http://kinqpinz.info/lib/wrt54g/own.txt http://secunia.com/advisories/29344 http://www.gnucitizen.org/projects/router-hacking-challenge http://www.securityfocus.com/archive/1/489009/100/0/threaded http://www.securityfocus.com/bid/28381 https://exchange.xforce.ibmcloud.com/vulnerabilities/41118 https://kinqpinz.info/lib/wrt54g https://kinqpinz.info/lib/wrt54g/own2.txt https://www.exploit-db.com/exploits/5926 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1CVE-2008-1263
https://notcve.org/view.php?id=CVE-2008-1263
The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI. El router Linksys WRT54G almacena contraseñas y claves en texto llano en el fichero Config.bin, lo cual permite a usuarios remotos autenticados obtener información sensible a través de una petición HTTP de la URI de nivel superior Config.bin. • http://www.gnucitizen.org/projects/router-hacking-challenge http://www.securityfocus.com/archive/1/489009/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/41115 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2008-1264
https://notcve.org/view.php?id=CVE-2008-1264
The Linksys WRT54G router has "admin" as its default FTP password, which allows remote attackers to access sensitive files including nvram.cfg, a file that lists all HTML documents, and an ELF executable file. El router Linksys WRT54G tiene "admin" como su contraseña FTP por defecto, lo cual permite a atacantes remotos acceder a ficheros sensibles incluido nvram.cfg, un fichero que lista todos los documentos HTML, y un fichero ejecutable ELF. • http://www.gnucitizen.org/projects/router-hacking-challenge http://www.securityfocus.com/archive/1/489009/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/41126 • CWE-287: Improper Authentication •