VAR-201906-0002
Vulnerability from variot - Updated: 2023-12-18 12:56On Linksys WAG54G2 1.00.10 devices, there is authenticated command injection via shell metacharacters in the setup.cgi c4_ping_ipaddr variable. Linksys WAG54G2 The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Linksys WAG54G2 is an ADSL all-in-one with integrated modem and router. The Linksys WAG54G2 router provides a management console that is accessible only to LAN users by default. Since the special characters such as \";\", \"&\", \"|\", \"``\", \"%a0\" in the user request are not correctly filtered, the user can inject and execute the malicious request after logging in to the console. Any shell command. If the user does not change the default management password, the external network user can also exploit the vulnerability remotely by using the cross-site request forgery attack. Linksys WAG54G2 router is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with superuser privileges. This may facilitate a complete compromise of the affected device. Linksys WAG54G2 with firmware V1.00.10 is affected; other versions may also be vulnerable. UPDATE (May 29, 2009): The reporter indicates that this issue may not be remotely exploitable if the administrator credentials have been changed from the default values
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0002",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wag54g2",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "1.00.10"
},
{
"model": "wireless-g adsl2+ gateway wag54g2",
"scope": "eq",
"trust": 0.9,
"vendor": "linksys",
"version": "1.0.10"
},
{
"model": "wag54g2",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "1.00.10"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-2805"
},
{
"db": "BID",
"id": "35142"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006631"
},
{
"db": "NVD",
"id": "CVE-2009-5157"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linksys:wag54g2_firmware:1.00.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:wag54g2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-5157"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michal Sajdak",
"sources": [
{
"db": "BID",
"id": "35142"
}
],
"trust": 0.3
},
"cve": "CVE-2009-5157",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2009-5157",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2009-2805",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-42603",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2009-5157",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-5157",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2009-2805",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-404",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-42603",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-2805"
},
{
"db": "VULHUB",
"id": "VHN-42603"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006631"
},
{
"db": "NVD",
"id": "CVE-2009-5157"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-404"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "On Linksys WAG54G2 1.00.10 devices, there is authenticated command injection via shell metacharacters in the setup.cgi c4_ping_ipaddr variable. Linksys WAG54G2 The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Linksys WAG54G2 is an ADSL all-in-one with integrated modem and router. The Linksys WAG54G2 router provides a management console that is accessible only to LAN users by default. Since the special characters such as \\\";\\\", \\\"\u0026\\\", \\\"|\\\", \\\"``\\\", \\\"%a0\\\" in the user request are not correctly filtered, the user can inject and execute the malicious request after logging in to the console. Any shell command. If the user does not change the default management password, the external network user can also exploit the vulnerability remotely by using the cross-site request forgery attack. Linksys WAG54G2 router is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. \nRemote attackers can exploit this issue to execute arbitrary shell commands with superuser privileges. This may facilitate a complete compromise of the affected device. \nLinksys WAG54G2 with firmware V1.00.10 is affected; other versions may also be vulnerable. \nUPDATE (May 29, 2009): The reporter indicates that this issue may not be remotely exploitable if the administrator credentials have been changed from the default values",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-5157"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006631"
},
{
"db": "CNVD",
"id": "CNVD-2009-2805"
},
{
"db": "BID",
"id": "35142"
},
{
"db": "VULHUB",
"id": "VHN-42603"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "35142",
"trust": 2.6
},
{
"db": "NVD",
"id": "CVE-2009-5157",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006631",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "8833",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2009-2805",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201906-404",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-42603",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-2805"
},
{
"db": "VULHUB",
"id": "VHN-42603"
},
{
"db": "BID",
"id": "35142"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006631"
},
{
"db": "NVD",
"id": "CVE-2009-5157"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-404"
}
]
},
"id": "VAR-201906-0002",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-2805"
},
{
"db": "VULHUB",
"id": "VHN-42603"
}
],
"trust": 1.45
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-2805"
}
]
},
"last_update_date": "2023-12-18T12:56:32.280000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.linksys.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-006631"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-42603"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006631"
},
{
"db": "NVD",
"id": "CVE-2009-5157"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.securityfocus.com/archive/1/503934"
},
{
"trust": 1.7,
"url": "https://www.securityfocus.com/bid/35142"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-5157"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-5157"
},
{
"trust": 0.6,
"url": "http://milw0rm.com/exploits/8833"
},
{
"trust": 0.3,
"url": "http://www.linksysbycisco.com/anz/en/products/wag54g2"
},
{
"trust": 0.3,
"url": "/archive/1/503934"
},
{
"trust": 0.3,
"url": "http://www.securitum.pl/dh/linksys_wag54g2_-_escape_to_os_root"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-2805"
},
{
"db": "VULHUB",
"id": "VHN-42603"
},
{
"db": "BID",
"id": "35142"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006631"
},
{
"db": "NVD",
"id": "CVE-2009-5157"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-404"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2009-2805"
},
{
"db": "VULHUB",
"id": "VHN-42603"
},
{
"db": "BID",
"id": "35142"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006631"
},
{
"db": "NVD",
"id": "CVE-2009-5157"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-404"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-05-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2009-2805"
},
{
"date": "2019-06-11T00:00:00",
"db": "VULHUB",
"id": "VHN-42603"
},
{
"date": "2009-05-15T00:00:00",
"db": "BID",
"id": "35142"
},
{
"date": "2019-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-006631"
},
{
"date": "2019-06-11T21:29:00.287000",
"db": "NVD",
"id": "CVE-2009-5157"
},
{
"date": "2019-06-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-404"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-05-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2009-2805"
},
{
"date": "2019-06-17T00:00:00",
"db": "VULHUB",
"id": "VHN-42603"
},
{
"date": "2009-06-01T16:29:00",
"db": "BID",
"id": "35142"
},
{
"date": "2019-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-006631"
},
{
"date": "2019-06-17T13:26:47.327000",
"db": "NVD",
"id": "CVE-2009-5157"
},
{
"date": "2019-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-404"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-404"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WAG54G2 Command injection vulnerability in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-006631"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-404"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…