PT-2004-1679 · Linksys · Linksys Befsr81+3

Lance Armstrong

Published

2004-06-23

Updated

2018-08-13

CVE-2004-0580

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers version 1.45.7

Description The issue concerns the DHCP service on certain Linksys Cable/DSL Routers. It does not properly clear previously used buffer contents in a BOOTP reply packet. This allows remote attackers to obtain sensitive information.

Recommendations For version 1.45.7, consider updating the firmware to a newer version that addresses this issue, as the current version does not properly handle buffer contents in BOOTP reply packets.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-0580

Affected Products

Linksys Befsr11

Linksys Befsr41

Linksys Befsr81

Linksys Befsru31

PT-2004-1679 · Linksys · Linksys Befsr81+3

CVE-2004-0580

Related Identifiers

Affected Products

References · 9