CVE-2009-1556

Name of the Vulnerable Software and Affected Versions: Cisco Linksys WVC54GCA wireless video camera firmware 1.00R22 Cisco Linksys WVC54GCA wireless video camera firmware 1.00R24

Description: The issue allows remote authenticated users to read arbitrary files in the img/ directory via a filename in the next file parameter. This can be exploited to read sensitive files, such as .htpasswd, to obtain the admin password.

Recommendations: For firmware 1.00R22, avoid using the next file parameter in the img/main.cgi endpoint until the issue is resolved. For firmware 1.00R24, restrict access to the img/ directory to minimize the risk of exploitation. As a temporary workaround, consider restricting access to the img/main.cgi endpoint until a patch is available.