CVE-2004-2606

Sažetak

The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled.

Reference

ftp://ftp.linksys.com/pub/network/wrt54g_2.02.8_US_code_beta.zip
http://archives.neohapsis.com/archives/bugtraq/2004-05/0316.html
http://archives.neohapsis.com/archives/bugtraq/2004-06/0002.html
http://archives.neohapsis.com/archives/bugtraq/2004-06/0020.html
http://archives.neohapsis.com/archives/bugtraq/2004-06/0190.html
http://secunia.com/advisories/11754
http://web.archive.org/web/20040823075750/http://www.linksys.com/download/firmware.asp?fwid=201
http://www.nwfusion.com/news/2004/0607confuse.html
http://www.osvdb.org/6577
http://www.securityfocus.com/archive/1/365175
http://www.securityfocus.com/archive/1/365227/30/0/threaded
http://www.securityfocus.com/bid/10441
https://exchange.xforce.ibmcloud.com/vulnerabilities/16274

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

11-07-2017 - 01:32

Objavljeno

31-12-2004 - 05:00