Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi.
References
Link | Resource |
---|---|
http://www.idefense.com/application/poi/display?id=306&type=vulnerabilities | Patch Vendor Advisory |
http://www.idefense.com/application/poi/display?id=307&type=vulnerabilities | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:22:49
Updated: 2022-10-03T16:22:49
Reserved: 2022-10-03T00:00:00
Link: CVE-2005-2916
JSON object: View
NVD Information
Status : Analyzed
Published: 2005-09-14T21:03:00.000
Modified: 2008-09-05T20:52:59.187
Link: CVE-2005-2916
JSON object: View
Redhat Information
No data.
CWE