Page 2 of 18 results (0.007 seconds)

CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0

The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password to the FTP interface. El router Linksys WRT54G permite a atacantes remotos provocar una denegación de servicio (reinicio de dispositivo) a través de un nombre de usuario largo y contraseña de la interfaz FTP. • http://www.gnucitizen.org/projects/router-hacking-challenge http://www.securityfocus.com/archive/1/489009/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/41127 • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0

The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password. El servidor FTP en el router Linksys WRT54G 7 con software empotrado 7.00.1 no verifica credenciales de autenticación, lo cual permite a atacantes remotos establecer una sesión FTP enviando un nombre de usuario y contraseña de su elección. • http://swbae.egloos.com/1701135 http://www.gnucitizen.org/projects/router-hacking-challenge http://www.securityfocus.com/archive/1/489009/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/41119 • CWE-287: Improper Authentication •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 4

Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout parameters, a different issue than CVE-2006-2559. El firmware 1.00.9 del Linksys WRT54g no necesita credenciales para hacer cambios de configuración, lo que permite a atacantes remotos modificar configuraciones de su elección mediante una petición directa a Security.tri, como ha sido demostrado usando los parámetros SecurityMode y layout, un problema diferente de CVE-2006-2559. • https://www.exploit-db.com/exploits/5926 http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048495.html http://secunia.com/advisories/21372 http://securitytracker.com/id?1016638 http://www.kb.cert.org/vuls/id/930364 http://www.securityfocus.com/bid/19347 https://kinqpinz.info/lib/wrt54g https://kinqpinz.info/lib/wrt54g/own2.txt •

CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0

Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. • http://secunia.com/advisories/20161 http://securitytracker.com/id?1016134 http://www.securityview.org/dutch-student-finds-a-bug-in-upnp.html http://www.securityview.org/how-does-the-upnp-flaw-works.html http://www.vupen.com/english/advisories/2006/1909 https://exchange.xforce.ibmcloud.com/vulnerabilities/26707 •

CVSS: 5.0EPSS: 4%CPEs: 1EXPL: 0

Linksys WRT54G routers version 5 (running VXWorks) allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value. • http://www.hm2k.org/news/1141413208.html http://www.securityfocus.com/archive/1/426756/100/0/threaded http://www.securityfocus.com/archive/1/426761/100/0/threaded http://www.securityfocus.com/archive/1/426863/100/0/threaded http://www.securityfocus.com/archive/1/426934/100/0/threaded http://www.securityfocus.com/bid/16954 https://exchange.xforce.ibmcloud.com/vulnerabilities/25230 •