PT-2010-3847 · Linksys · Linksys Wap54G

Published

2010-06-10

Updated

2018-10-10

CVE-2010-2261

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linksys WAP54Gv3 firmware versions 3.04.03 and earlier

Description The issue allows remote attackers to execute arbitrary commands by injecting shell metacharacters into specific parameters of certain web pages. Specifically, this can be done through the data2 and data3 parameters to the "Debug command page.asp" and "debug.cgi" API endpoints.

Recommendations For Linksys WAP54Gv3 firmware versions 3.04.03 and earlier, consider restricting access to the "Debug command page.asp" and "debug.cgi" endpoints until a patch is available. As a temporary workaround, avoid using the data2 and data3 parameters in these endpoints to minimize the risk of exploitation.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2010-2261

Affected Products

Linksys Wap54G

PT-2010-3847 · Linksys · Linksys Wap54G

CVE-2010-2261

Weakness Enumeration

Related Identifiers

Affected Products

References · 2