VulnCheck KEV: CVE-2009-1558

Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. encoded dot dot or an absolute pathname in the nextfile parameter...

Directory traversal

Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. encoded dot dot or an absolute pathname in the nextfile parameter...

CVE-2009-1557

Multiple cross-site scripting XSS vulnerabilities on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allow remote attackers to inject arbitrary web script or HTML via the nextfile parameter to 1 main.cgi, 2 img/main.cgi, or 3 adm/file.cgi; or 4 the thisfile...

CVE-2009-1559

Absolute path traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R24 and possibly 1.00R22 allows remote attackers to read arbitrary files via an absolute pathname in the thisfile parameter. NOTE: traversal via a .. dot dot is probably als...

Design/Logic Flaw

img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote authenticated users to read arbitrary files in img/ via a filename in the nextfile parameter, as demonstrated by reading .htpasswd to obtain the admin password, a different vulnerabili...

CVE-2009-1558

Cisco Linksys WVC54GCA cameras with firmware 1.00R22/1.00R24 are vulnerable to local file inclusion in adm/file.cgi via the next_file parameter (using %2e or an absolute pathname). This allows reading arbitrary files on the device. The Nuclei template confirms a Local File Inclusion against the s...

CVE-2009-1559

The CVE-2009-1559 entry relates to an absolute path traversal vulnerability in the adm/file.cgi component of the Cisco Linksys WVC54GCA wireless video camera. Affected firmware is listed as 1.00R24 and possibly 1.00R22. The vulnerability allows remote attackers to read arbitrary files by supplyin...

CVE-2008-4391

Stack-based buffer overflow in the SetSource method in the NetCamPlayerWeb11gv2 ActiveX control in NetCamPlayerWeb11gv2.ocx on the Cisco Linksys WVC54GC wireless video camera before firmware 1.25 allows remote attackers to execute arbitrary code via long invalid arguments...

CVE-2008-4390

The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by sniffing the network...

CVE-2008-4390

The CVE-2008-4390 entry affects Cisco Linksys WVC54GC/GCAs (wireless video cameras) prior to firmware 1.25. The issue is that, in response to a Setup Wizard remote-management command, the device sends cleartext configuration data over the network, enabling remote attackers to obtain sensitive det...

CVE-2008-4390

The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by sniffing the network...