VAR-201704-1629
Vulnerability from variot - Updated: 2022-05-04 10:12LinksysSmartWi-FiRouters are smart Wi-Fi routers. There is an authentication bypass vulnerability in LinksysSmartWi-FiRouters. Attackers can bypass CGI scripts to collect sensitive information such as firmware version, Linux kernel version, running process list, USB device connection, WPS PIN code. Unauthenticated attackers can obtain sensitive information, such as using a set of APIs to list all connected devices and their respective operating systems, accessing firewall configurations, reading FTP configuration settings, or unzipping SMB server settings.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-1629",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linksys wrt3200acm",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
},
{
"model": "linksys wrt1900acs",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
},
{
"model": "linksys wrt1900ac",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
},
{
"model": "linksys wrt1200ac",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
},
{
"model": "linksys ea9500",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
},
{
"model": "linksys ea9400",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
},
{
"model": "linksys ea9200",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
},
{
"model": "linksys ea8500",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
},
{
"model": "linksys ea8300",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
},
{
"model": "linksys ea7500",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
},
{
"model": "linksys ea7400",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
},
{
"model": "linksys ea7300",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
},
{
"model": "linksys ea6900",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
},
{
"model": "linksys ea6700",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
},
{
"model": "linksys ea6500",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
},
{
"model": "linksys ea6400",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
},
{
"model": "linksys ea6350v3",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
},
{
"model": "linksys ea6350v2",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
},
{
"model": "linksys ea6300",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
},
{
"model": "linksys ea6200",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
},
{
"model": "linksys ea6100",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
},
{
"model": "linksys ea4500v3",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
},
{
"model": "linksys ea3500",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
},
{
"model": "linksys ea2750",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
},
{
"model": "linksys ea2700",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05026"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-05026",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2017-05026",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05026"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LinksysSmartWi-FiRouters are smart Wi-Fi routers. There is an authentication bypass vulnerability in LinksysSmartWi-FiRouters. Attackers can bypass CGI scripts to collect sensitive information such as firmware version, Linux kernel version, running process list, USB device connection, WPS PIN code. Unauthenticated attackers can obtain sensitive information, such as using a set of APIs to list all connected devices and their respective operating systems, accessing firewall configurations, reading FTP configuration settings, or unzipping SMB server settings.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05026"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-05026",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05026"
}
]
},
"id": "VAR-201704-1629",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05026"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05026"
}
]
},
"last_update_date": "2022-05-04T10:12:12.533000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://www.linksys.com/us/support-article?articlenum=246427"
},
{
"trust": 0.6,
"url": "http://blog.ioactive.com/2017/04/linksys-smart-wi-fi-vulnerabilities.html"
},
{
"trust": 0.6,
"url": "http://securityaffairs.co/wordpress/58177/hacking/linksys-routers-flaws.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05026"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-05026"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05026"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05026"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys Smart Wi-Fi Routers Authentication Bypass Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05026"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…