Wrt54g Security Vulnerabilities and Issues — Wrt54g CVE List

Lucene search

LinksysWrt54g

18 matches found

CVE•added 2005/09/15 8:3 p.m.•136 views

CVE-2005-2799

Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request.

7.5CVSS7.8AI score0.85392EPSS

CVE•added 2004/08/06 4:0 a.m.•53 views

CVE-2004-0580

DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7, does not properly clear previously used buffer contents in a BOOTP reply packet, which allows remote attackers to obtain sensitive information.

5CVSS7.1AI score0.07648EPSS

CVE•added 2008/03/10 5:44 p.m.•53 views

CVE-2008-1247

The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (...

10CVSS6.6AI score0.1866EPSS

CVE•added 2005/09/14 9:3 p.m.•48 views

CVE-2005-2915

ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, uses weak encryption (XOR encoding with a fixed byte mask) for configuration information, which could allow attackers to decrypt the information and possibly re-encrypt it in co...

5CVSS6.4AI score0.00757EPSS

CVE•added 2008/03/10 5:44 p.m.•45 views

CVE-2008-1263

The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI.

4CVSS5.9AI score0.00199EPSS

CVE•added 2011/11/22 11:55 a.m.•45 views

CVE-2011-4499

The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping...

7.5CVSS7.1AI score0.00325EPSS

CVE•added 2005/09/14 9:3 p.m.•44 views

CVE-2005-2914

ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, does not use an authentication initialization function, which allows remote attackers to obtain encrypted configuration information and, if the key is known, modify the configur...

7.5CVSS6.6AI score0.00757EPSS

CVE•added 2005/09/14 9:3 p.m.•41 views

CVE-2005-2916

Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi.

5CVSS7.2AI score0.00476EPSS

CVE•added 2006/10/10 4:6 a.m.•41 views

CVE-2006-5202

Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout parameters, a different issue than CVE-2006-2559.

5CVSS6.7AI score0.1866EPSS

CVE•added 2005/09/14 9:3 p.m.•40 views

CVE-2005-2912

Linksys WRT54G router allows remote attackers to cause a denial of service (CPU consumption and server hang) via an HTTP POST request with a negative Content-Length value.

5CVSS6.7AI score0.00655EPSS

CVE•added 2006/05/24 1:2 a.m.•36 views

CVE-2006-2559

Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic.

7.5CVSS6.8AI score0.00552EPSS

CVE•added 2024/09/04 2:15 p.m.•35 views

CVE-2024-8408

A vulnerability was found in Linksys WRT54G 4.21.5. It has been rated as critical. Affected by this issue is the function validate_services_port of the file /apply.cgi of the component POST Parameter Handler. The manipulation of the argument services_array leads to stack-based buffer overflow. The ...

9.8CVSS6.8AI score0.00356EPSS

CVE•added 2024/07/19 5:15 p.m.•34 views

CVE-2024-41281

Linksys WRT54G v4.21.5 has a stack overflow vulnerability in get_merge_mac function.

8.8CVSS7.6AI score0.00027EPSS

CVE•added 2005/11/29 2:0 a.m.•33 views

CVE-2004-2606

The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled.

7.5CVSS7.1AI score0.02585EPSS

CVE•added 2005/08/03 4:0 a.m.•32 views

CVE-2005-2434

Linksys WRT54G router uses the same private key and certificate for every router, which allows remote attackers to sniff the SSL connection and obtain sensitive information.

5CVSS7AI score0.0026EPSS

CVE•added 2008/03/10 5:44 p.m.•30 views

CVE-2008-1264

The Linksys WRT54G router has "admin" as its default FTP password, which allows remote attackers to access sensitive files including nvram.cfg, a file that lists all HTML documents, and an ELF executable file.

7.5CVSS6.5AI score0.00478EPSS

CVE•added 2008/03/10 5:44 p.m.•29 views

CVE-2008-1268

The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password.

10CVSS7.2AI score0.01063EPSS

CVE•added 2008/03/10 5:44 p.m.•27 views

CVE-2008-1265

The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password to the FTP interface.

7.8CVSS6.8AI score0.00616EPSS