VAR-201301-0469
Vulnerability from variot - Updated: 2022-05-17 02:09Allows an attacker to perform malicious actions. The Cisco Linksys WRT54GL Router is a wireless routing device. A security vulnerability exists in the Cisco Linksys WRT54GL Router. Due to the lack of filtering on the wan_hostnam parameter, an attacker can exploit the vulnerability to inject and execute arbitrary shell commands. Since changing the current password does not require providing current password information, an attacker is allowed to submit a malicious request to change the password information. A command-execution vulnerability 2. A security-bypass vulnerability 3. A cross-site request-forgery vulnerability 4. A cross-site scripting vulnerability 5. Cisco Linksys WRT54GL 1.1 running firmware version 4.30.15 build 2 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201301-0469",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linksys wrt54gl router build",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "4.30.152"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-00452"
},
{
"db": "CNVD",
"id": "CNVD-2013-00448"
},
{
"db": "CNVD",
"id": "CNVD-2013-00454"
},
{
"db": "CNVD",
"id": "CNVD-2013-00450"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "m-1-k-3",
"sources": [
{
"db": "BID",
"id": "57459"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-398"
}
],
"trust": 0.9
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Allows an attacker to perform malicious actions. The Cisco Linksys WRT54GL Router is a wireless routing device. A security vulnerability exists in the Cisco Linksys WRT54GL Router. Due to the lack of filtering on the wan_hostnam parameter, an attacker can exploit the vulnerability to inject and execute arbitrary shell commands. Since changing the current password does not require providing current password information, an attacker is allowed to submit a malicious request to change the password information. A command-execution vulnerability\n2. A security-bypass vulnerability\n3. A cross-site request-forgery vulnerability\n4. A cross-site scripting vulnerability\n5. \nCisco Linksys WRT54GL 1.1 running firmware version 4.30.15 build 2 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-00452"
},
{
"db": "CNVD",
"id": "CNVD-2013-00448"
},
{
"db": "CNVD",
"id": "CNVD-2013-00454"
},
{
"db": "CNVD",
"id": "CNVD-2013-00450"
},
{
"db": "BID",
"id": "57459"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "57459",
"trust": 3.3
},
{
"db": "EXPLOIT-DB",
"id": "24202",
"trust": 2.4
},
{
"db": "CNVD",
"id": "CNVD-2013-00452",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2013-00448",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2013-00454",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2013-00450",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201301-398",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-00452"
},
{
"db": "CNVD",
"id": "CNVD-2013-00448"
},
{
"db": "CNVD",
"id": "CNVD-2013-00454"
},
{
"db": "CNVD",
"id": "CNVD-2013-00450"
},
{
"db": "BID",
"id": "57459"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-398"
}
]
},
"id": "VAR-201301-0469",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-00452"
},
{
"db": "CNVD",
"id": "CNVD-2013-00448"
},
{
"db": "CNVD",
"id": "CNVD-2013-00454"
},
{
"db": "CNVD",
"id": "CNVD-2013-00450"
}
],
"trust": 3.4
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 2.4
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-00452"
},
{
"db": "CNVD",
"id": "CNVD-2013-00448"
},
{
"db": "CNVD",
"id": "CNVD-2013-00454"
},
{
"db": "CNVD",
"id": "CNVD-2013-00450"
}
]
},
"last_update_date": "2022-05-17T02:09:07.483000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Cisco Linksys WRT54GL Router Cross-Site Request Forgery Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/30351"
},
{
"title": "Cisco Linksys WRT54GL Router \u0027wan_hostnam\u0027 command to execute the patch for the vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/30312"
},
{
"title": "Patch for Cisco Linksys WRT54GL Router Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/30371"
},
{
"title": "Cisco Linksys WRT54GL Router Security Bypass Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/30332"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-00452"
},
{
"db": "CNVD",
"id": "CNVD-2013-00448"
},
{
"db": "CNVD",
"id": "CNVD-2013-00454"
},
{
"db": "CNVD",
"id": "CNVD-2013-00450"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.exploit-db.com/exploits/24202/"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/57459"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-00452"
},
{
"db": "CNVD",
"id": "CNVD-2013-00448"
},
{
"db": "CNVD",
"id": "CNVD-2013-00454"
},
{
"db": "CNVD",
"id": "CNVD-2013-00450"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-398"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-00452"
},
{
"db": "CNVD",
"id": "CNVD-2013-00448"
},
{
"db": "CNVD",
"id": "CNVD-2013-00454"
},
{
"db": "CNVD",
"id": "CNVD-2013-00450"
},
{
"db": "BID",
"id": "57459"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-398"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-01-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-00452"
},
{
"date": "2013-01-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-00448"
},
{
"date": "2013-01-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-00454"
},
{
"date": "2013-01-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-00450"
},
{
"date": "2013-01-18T00:00:00",
"db": "BID",
"id": "57459"
},
{
"date": "2013-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201301-398"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-01-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-00452"
},
{
"date": "2013-01-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-00448"
},
{
"date": "2013-05-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-00454"
},
{
"date": "2013-01-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-00450"
},
{
"date": "2013-04-10T06:18:00",
"db": "BID",
"id": "57459"
},
{
"date": "2013-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201301-398"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201301-398"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Linksys WRT54GL Router Multiple Security Vulnerabilities",
"sources": [
{
"db": "BID",
"id": "57459"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-398"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "57459"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…