Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion

Cisco Linksys WVC54GCA 1.00R22/1.00R24 is susceptible to local file inclusion in adm/file.cgi because it allows remote attackers to read arbitrary files via a %2e. encoded dot dot or an absolute pathname in the nextfile parameter. id: CVE-2009-1558 info: name: Cisco Linksys WVC54GCA 1.00R22/1.00R...

EUVD-2009-1552

Malware in sbrugna...

EUVD-2009-1555

Malware in sbrugna...

Directory traversal

Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. encoded dot dot or an absolute pathname in the nextfile parameter...

Code injection

The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 stores passwords and wireless-network keys in cleartext in 1 passwd.htm and 2 Wsecurity.htm, which allows remote attackers to obtain sensitive information by reading the HTML source code...

CVE-2009-1557

Multiple cross-site scripting XSS vulnerabilities on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allow remote attackers to inject arbitrary web script or HTML via the nextfile parameter to 1 main.cgi, 2 img/main.cgi, or 3 adm/file.cgi; or 4 the thisfile...

Memory corruption

The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 sends configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by reading the SetupWizard.exe process memory, a...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allow remote attackers to inject arbitrary web script or HTML via the nextfile parameter to 1 main.cgi, 2 img/main.cgi, or 3 adm/file.cgi; or 4 the thisfile...

CVE-2009-1559

Absolute path traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R24 and possibly 1.00R22 allows remote attackers to read arbitrary files via an absolute pathname in the thisfile parameter. NOTE: traversal via a .. dot dot is probably als...

CVE-2009-1560

The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 stores passwords and wireless-network keys in cleartext in 1 passwd.htm and 2 Wsecurity.htm, which allows remote attackers to obtain sensitive information by reading the HTML source code...

CVE-2009-1556

img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote authenticated users to read arbitrary files in img/ via a filename in the nextfile parameter, as demonstrated by reading .htpasswd to obtain the admin password, a different vulnerabili...

Design/Logic Flaw

img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote authenticated users to read arbitrary files in img/ via a filename in the nextfile parameter, as demonstrated by reading .htpasswd to obtain the admin password, a different vulnerabili...

CVE-2009-1555

The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 sends configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by reading the SetupWizard.exe process memory, a...

CVE-2009-1558

Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. encoded dot dot or an absolute pathname in the nextfile parameter...

CVE-2009-1558

Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. encoded dot dot or an absolute pathname in the nextfile parameter...

CVE-2009-1556

img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote authenticated users to read arbitrary files in img/ via a filename in the nextfile parameter, as demonstrated by reading .htpasswd to obtain the admin password, a different vulnerabili...

CVE-2009-1558

Cisco Linksys WVC54GCA cameras with firmware 1.00R22/1.00R24 are vulnerable to local file inclusion in adm/file.cgi via the next_file parameter (using %2e or an absolute pathname). This allows reading arbitrary files on the device. The Nuclei template confirms a Local File Inclusion against the s...

CVE-2009-1556

CVE-2009-1556 (Linksys WVC54GCA) affects Cisco Linksys WVC54GCA wireless video camera firmware 1.00R22 and 1.00R24. The flaw is in the img/main.cgi component, where an attacker with remote authentication can read arbitrary files from the img/ directory by supplying a filename in the next_file par...

CVE-2009-1559

Absolute path traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R24 and possibly 1.00R22 allows remote attackers to read arbitrary files via an absolute pathname in the thisfile parameter. NOTE: traversal via a .. dot dot is probably als...

CVE-2009-1555

The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 sends configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by reading the SetupWizard.exe process memory, a...