PT-2010-3847 · Linksys · Linksys Wap54G

Publicado

2010-06-10

Atualizado

2018-10-10

CVE-2010-2261

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linksys WAP54Gv3 firmware versions 3.04.03 and earlier

Description The issue allows remote attackers to execute arbitrary commands by injecting shell metacharacters into specific parameters of certain web pages. Specifically, this can be done through the data2 and data3 parameters to the "Debug command page.asp" and "debug.cgi" API endpoints.

Recommendations For Linksys WAP54Gv3 firmware versions 3.04.03 and earlier, consider restricting access to the "Debug command page.asp" and "debug.cgi" endpoints until a patch is available. As a temporary workaround, avoid using the data2 and data3 parameters in these endpoints to minimize the risk of exploitation.

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2010-2261

Produtos afetados

Linksys Wap54G

PT-2010-3847 · Linksys · Linksys Wap54G

CVE-2010-2261

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2