Lucene search

[email protected]CVE-2009-1557

HistoryMay 06, 2009 - 4:30 p.m.

CVE-2009-1557

2009-05-0616:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cwe-79

cve-2009-1557

cisco

linksys

wvc54gca

xss

firmware

web script

html

remote attackers

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.408 Medium

EPSS

Percentile

97.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allow remote attackers to inject arbitrary web script or HTML via the next_file parameter to (1) main.cgi, (2) img/main.cgi, or (3) adm/file.cgi; or (4) the this_file parameter to adm/file.cgi.

Affected configurations

NVD

Node

ciscowvc54gcaMatch1.00r22

ciscowvc54gcaMatch1.00r24

CPENameOperatorVersion
cisco:wvc54gcacisco wvc54gcaeq1.00r22
cisco:wvc54gcacisco wvc54gcaeq1.00r24

CPE	Name	Operator	Version
cisco:wvc54gca	cisco wvc54gca	eq	1.00r22
cisco:wvc54gca	cisco wvc54gca	eq	1.00r24

References

secunia.com/advisories/34767

www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-4/

www.securityfocus.com/bid/34714

www.vupen.com/english/advisories/2009/1173

exchange.xforce.ibmcloud.com/vulnerabilities/50224

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.408 Medium

EPSS

Percentile

97.3%

JSON

Related for CVE-2009-1557

prion1 cvelist1 nvd1