PT-2010-3244 · Linksys · Linksys Wap54Gv3
Published 2010-06-10 · Updated 2024-02-13 · CVE-2010-1573
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Linksys WAP54Gv3 firmware versions 3.04.03 and earlier
Description
The issue allows remote attackers to execute arbitrary commands due to the use of hard-coded credentials for a debug interface on certain web pages. Specifically, the hard-coded username is Gemtek and the password is gemtekswd. Attackers can exploit this via the data1, data2, or data3 parameters to the "Debug command page.asp" and "debug.cgi" API endpoints.
Recommendations
For Linksys WAP54Gv3 firmware versions 3.04.03 and earlier, consider changing the hard-coded username and password for the debug interface as a temporary workaround. Restrict access to the "Debug command page.asp" and "debug.cgi" API endpoints to minimize the risk of exploitation. Avoid using the data1, data2, or data3 parameters in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Using Hardcoded Credentials
Affected Products
Linksys Wap54Gv3