CVE-2009-1557

Name of the Vulnerable Software and Affected Versions: Cisco Linksys WVC54GCA wireless video camera version 1.00R22 Cisco Linksys WVC54GCA wireless video camera version 1.00R24

Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This can be achieved via the next file parameter to API endpoints such as "main.cgi", "img/main.cgi", or "adm/file.cgi", or the this file parameter to the "adm/file.cgi" endpoint.

Recommendations: For version 1.00R22, avoid using the next file parameter in the "main.cgi", "img/main.cgi", and "adm/file.cgi" API endpoints, and the this file parameter in the "adm/file.cgi" endpoint until a patch is available. For version 1.00R24, avoid using the next file parameter in the "main.cgi", "img/main.cgi", and "adm/file.cgi" API endpoints, and the this file parameter in the "adm/file.cgi" endpoint until a patch is available.