Jessie Chick

**Name of the Vulnerable Software and Affected Versions** Linksys WRT54GL Wireless-G Broadband Router versions <= 4.30.18.006 **Description** A buffer overflow issue exists, allowing an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This can be triggered over the network via a malicious POST request to the `/apply.cgi` endpoint. The vulnerability is specifically related to a stack-based buffer overflow in the `Start EPI` function within the `httpd` binary. **Recommendations** For versions <= 4.30.18.006, as a temporary workaround, consider restricting access to the `/apply.cgi` endpoint until a patch is available. Additionally, limiting administrator privileges can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linksys WUMC710 Wireless-AC Universal Media Connector version 1.0.02 (build3) and earlier **Description** An arbitrary code execution issue exists due to the `do setNTP` function within the httpd binary using unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can exploit this over the network via a malicious GET or POST request to "/setNTP.cgi" to execute arbitrary commands on the underlying Linux operating system as root. **Recommendations** For Linksys WUMC710 Wireless-AC Universal Media Connector version 1.0.02 (build3) and earlier, as a temporary workaround, consider disabling the `do setNTP` function until a patch is available. Restrict access to the "/setNTP.cgi" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linksys WRT54GL Wireless-G Broadband Router versions <= 4.30.18.006 **Description** A null pointer dereference issue exists in the `soap action` function within the upnp binary. This can be triggered by an unauthenticated attacker via a malicious POST request invoking the `AddPortMapping` action. **Recommendations** For versions <= 4.30.18.006, update the firmware to a version higher than 4.30.18.006 to resolve the issue. As a temporary workaround, consider restricting access to the upnp binary to minimize the risk of exploitation. Avoid using the `AddPortMapping` action in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Linksys WRT54GL Wireless-G Broadband Router versions <= 4.30.18.006 **Description** An arbitrary code execution issue exists due to the `Check TSSI` function within the httpd binary using unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can exploit this over the network via a malicious POST request to "/apply.cgi" to execute arbitrary commands on the underlying Linux operating system as root. **Recommendations** For Linksys WRT54GL Wireless-G Broadband Router versions <= 4.30.18.006, consider disabling the `Check TSSI` function as a temporary workaround until a patch is available. Restrict access to the "/apply.cgi" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.