VULHUB ™

iDEFENSE Security Advisory 09.13.05 - Remote exploitation of a design error in the 'restore.cgi' component of Cisco Systems Inc.'s Linksys WRT54G wireless router may allow unauthenticated modification of the router configuration. The vulnerability specifically exists in the 'POST' method of restore.cgi handler. The httpd running on the internal interfaces, including by default the wireless interface, does not check if authentication has failed until after data supplied by an external user has been processed. The restore.cgi handler allows a user to upload a new configuration into the non-volatile memory of the router. If the user is authenticated, the router will then restart, and the new configuration will be loaded. iDEFENSE has confirmed the existence of this vulnerability in version 3.01.03 of the firmware of the Linksys WRT54G wireless router, and has identified the same code is present in versions 3.03.6 and 4.00.7. All versions prior to 4.20.7 may be affected.

iDEFENSE Security Advisory 09.13.05 - Remote exploitation of a design error in the 'restore.cgi' component of Cisco Systems Inc.'s Linksys WRT54G wireless router may allow unauthenticated modification of the router configuration. The vulnerability specifically exists in the 'POST' method of restore.cgi handler. The httpd running on the internal interfaces, including by default the wireless interface, does not check if authentication has failed until after data supplied by an external user has been processed. The restore.cgi handler allows a user to upload a new configuration into the non-volatile memory of the router. If the user is authenticated, the router will then restart, and the new configuration will be loaded. iDEFENSE has confirmed the existence of this vulnerability in version 3.01.03 of the firmware of the Linksys WRT54G wireless router, and has identified the same code is present in versions 3.03.6 and 4.00.7. All versions prior to 4.20.7 may be affected.