[SA29344] Linksys WRT54G Security Bypass Vulnerability

2008-03-24T00:00:00
ID SECURITYVULNS:DOC:19486
Type securityvulns
Reporter Securityvulns
Modified 2008-03-24T00:00:00

Description

TITLE: Linksys WRT54G Security Bypass Vulnerability

SECUNIA ADVISORY ID: SA29344

VERIFY ADVISORY: http://secunia.com/advisories/29344/

CRITICAL: Less critical

IMPACT: Security Bypass

WHERE: From local network

OPERATING SYSTEM: Linksys WRT54G Wireless-G Broadband Router http://secunia.com/product/3523/

DESCRIPTION: meathive has reported a vulnerability in Linksys WRT54G, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused by improper authorization checks when performing administrative actions via the web interface. This can be exploited to perform restricted actions by directly accessing Basic.tri, factdefa.tri, manage.tri, WBasic.tri, WFilter.tri, dmz.tri, ddns.tri, WanMac.tri, AdvRoute.tri, Advanced.tri, fw.tri, vpn.tri, filter.tri, PortRange.tri, ptrigger.tri, qos.tri, ctlog.tri, ping.tri, tracert.tri, or rstatus.tri.

The vulnerability is reported in firmware version 1.00.9. Other versions may also be affected.
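
A detection sketch for the condition described above, added here as an example and not part of the Secunia advisory or the original report: it flags captured HTTP request heads that target one of the listed .tri files without an Authorization header. It assumes the web interface authenticates through the HTTP Authorization header and that a LAN sensor supplies the request heads; the function names and sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit

# Files the advisory lists as reachable without a proper authorization check.
RESTRICTED = {name.lower() for name in (
    "Basic.tri", "factdefa.tri", "manage.tri", "WBasic.tri", "WFilter.tri",
    "dmz.tri", "ddns.tri", "WanMac.tri", "AdvRoute.tri", "Advanced.tri",
    "fw.tri", "vpn.tri", "filter.tri", "PortRange.tri", "ptrigger.tri",
    "qos.tri", "ctlog.tri", "ping.tri", "tracert.tri", "rstatus.tri",
)}

def parse_request_head(raw):
    """Split a captured HTTP request head into (method, path, headers)."""
    lines = raw.replace("\r\n", "\n").split("\n")
    parts = lines[0].split()
    if len(parts) < 2:
        return None  # not a request line; nothing to evaluate
    headers = {}
    for line in lines[1:]:
        if not line:
            break  # blank line ends the header section
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    # urlsplit drops the query string and handles absolute-form targets.
    return parts[0].upper(), urlsplit(parts[1]).path, headers

def is_unauthenticated_admin_action(raw):
    """True if the request names a listed .tri file and carries no credentials."""
    parsed = parse_request_head(raw)
    if parsed is None:
        return False
    _method, path, headers = parsed
    # Compared case-insensitively so a differently cased path is not missed
    # (a conservative choice for detection, not a statement about the router).
    endpoint = path.rsplit("/", 1)[-1].lower()
    return endpoint in RESTRICTED and not headers.get("authorization")

# Constructed sample request heads (not taken from real traffic).
SAMPLES = [
    "POST /manage.tri HTTP/1.1\r\nHost: 192.168.1.1\r\n\r\n",
    "POST /manage.tri HTTP/1.1\r\nHost: 192.168.1.1\r\n"
    "Authorization: Basic PLACEHOLDER\r\n\r\n",
    "GET /index.htm HTTP/1.1\r\nHost: 192.168.1.1\r\n\r\n",
    "GET /PING.TRI?x=1 HTTP/1.0\r\n\r\n",
]

def flagged(samples=SAMPLES):
    """Indexes of samples that should raise an alert."""
    return [i for i, raw in enumerate(samples) if is_unauthenticated_admin_action(raw)]
```

On the constructed samples, the first and last requests are flagged; the authenticated request and the request for an unlisted page are not.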

SOLUTION: Install updated firmware versions.

WRT54G v5/v6: Install version 1.02.5.

WRT54G v8: Install version 8.00.5.

WRT54G v8.2: Install version 8.2.05.

PROVIDED AND/OR DISCOVERED BY: meathive

ORIGINAL ADVISORY: http://kinqpinz.info/lib/wrt54g/own.txt

