VID 12076
Severity 40
Port 80, ...
Protocol TCP
Class Router
Detailed Description The Linksys WRT54G Wireless Router seems to be affected by multiple remote vulnerabilities. In Linksys WRT54G Wireless Router versions prior to 4.20.6, a remote attacker can:

1) Download and replace the configuration of affected routers via a special POST request to the 'restore.cgi' or 'upgrade.cgi' script.
2) Execute arbitrary machine code on the affected router with root privileges.
3) Obtain encrypted configuration information from a vulnerable device without authenticating, because of an authentication error in ezconfig.asp, and, if the key is known, modify the configuration.
4) Degrade the performance of affected devices and cause the Web server to become unresponsive, potentially denying service to legitimate users.

* References:
http://secunia.com/advisories/16806/
http://securitytracker.com/alerts/2005/Sep/1014894.html
http://www.osvdb.org/19386
http://www.osvdb.org/19387
http://www.osvdb.org/19388
http://www.osvdb.org/19389
http://www.osvdb.org/19390
http://www.idefense.com/application/poi/display?id=308&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=307&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=306&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=305&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=304&type=vulnerabilities

* Platforms Affected:
Linksys WRT54G Wireless Router versions prior to 4.20.6
Recommendation Upgrade to the latest firmware version of Linksys WRT54G Router (4.20.7 or later), as available from the Linksys Product Download Web site at http://www.linksys.com/servlet/Satellite?childpagename=US%2FLayout&packedargs=c%3DL_Content_C1%26cid%3D1115416835852&pagename=Linksys%2FCommon%2FVisitorWrapper
Related URL CVE-2005-2799,CVE-2005-2912,CVE-2005-2914,CVE-2005-2915,CVE-2005-2916 (CVE)
Related URL 14822 (SecurityFocus)
Related URL 22253,22255,22259,22267 (ISS)