CVE-2005-2916

Name of the Vulnerable Software and Affected Versions Linksys WRT54G versions 3.01.03 through 4.00.7 Linksys WRT54G versions prior to 4.20.7

Description The issue allows remote attackers to modify configuration or upload new firmware without proper user authentication. This is because user authentication is not verified until after an HTTP POST request has been processed. Specifically, this can be done using the restore.cgi or upgrade.cgi endpoints.

Recommendations For versions 3.01.03 through 4.00.7, update to version 4.20.7 or later to resolve the issue. For versions prior to 4.20.7, update to version 4.20.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the restore.cgi and upgrade.cgi endpoints until a patch is available.