Linksys Multiple Vulnerabilities (OF, DoS, more)

Copyright (C) 2005-2013 Josh Zlatin-Amishav

Synopsis :

The remote router is affected by multiple flaws.

Description :

The remote host appears to be a Linksys WRT54G Wireless Router.

The firmware version installed on the remote host is prone to several

- Execute arbitrary commands on the affected router with
root privileges. (CVE-2005-2916)

- Download and replace the configuration of affected
routers via a special POST request to the 'restore.cgi'
or 'upgrade.cgi' scripts. (CVE-2005-2799)

- Allow remote attackers to obtain encrypted configuration
information and, if the key is known, modify the
configuration. (CVE-2005-2914, CVE-2005-2915)

- Degrade the performance of affected devices and cause
the web server to become unresponsive, potentially
denying service to legitimate users. (CVE-2005-2912)

Solution :

Upgrade to firmware version 4.20.7 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 10.0
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 20096 (linksys_multiple_vulns.nasl)

Bugtraq ID: 14822

CVE ID: CVE-2005-2799