Linksys Smart Wi-Fi Router CGI Scripts Information Disclosure

medium Nessus Plugin ID 101813

Synopsis

The remote device is affected by an information disclosure vulnerability.

Description

The remote Linksys Smart Wi-Fi Router device is affected by an information disclosure vulnerability in its web administration interface due to a flaw that allows bypassing authentication mechanisms for various CGI scripts. An unauthenticated, remote attacker can exploit this to disclose sensitive information related to the device, such as WPS PIN information.

Solution

Follow the vendor recommendation for upgrade or mitigation.

See Also

http://www.nessus.org/u?554068d3

https://www.linksys.com/us/support-article?articleNum=246427

Plugin Details

Severity: Medium

ID: 101813

File Name: linksys_smart_wifi_info_disclosure.nasl

Version: 1.5

Type: remote

Family: CGI abuses

Published: 7/19/2017

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X

Vulnerability Information

CPE: x-cpe:/a:linksys:linksyssmartwifi

Required KB Items: installed_sw/Linksys Smart Wi-Fi WWW

Exploited by Nessus: true

Patch Publication Date: 4/20/2017

Vulnerability Publication Date: 4/20/2017