Vulnerability Description
Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linksys | WRT54G | 3.01.3 |
References
- http://www.idefense.com/application/poi/display?id=306&type=vulnerabilities (Patch, Vendor Advisory)
- http://www.idefense.com/application/poi/display?id=307&type=vulnerabilities (Patch, Vendor Advisory)
FAQ
What is CVE-2005-2916?
CVE-2005-2916 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attacker...
How severe is CVE-2005-2916?
CVE-2005-2916 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2005-2916?
Check the references section above for vendor advisories and patch information. Affected products include: Linksys WRT54G.