|Category:||Web application abuses|
|Title:||Linksys Devices Multiple Vulnerabilities|
|Summary:||This host is running a Linksys device and is prone to multiple vulnerabilities.|
Multiple flaws exist due to:
- A crafted GET request can reboot the whole device or freeze the web interface
and the DHCP service. This action does not require authentication.
- An error in the web service, so a header injection can be triggered without
- The session ID for administrative users can be fetched from the device over the
LAN without credentials because of insecure session handling.
- An attacker can change any configuration of the device by luring a user to
click on a malicious link or surf to a malicious website.
- Insufficient validation of user input in Admin Interface.
Successful exploitation will allow remote
attackers to conduct a denial-of-service, HTTP header injection, open redirect,
information disclosure, CSRF and XSS attacks on the affected device.
Impact Level: System/Application
Linksys E2500 firmware version 3.0.02 (build 2)
Linksys E900 firmware version 1.0.06
Linksys E1200 firmware version 2.0.07 (build 5)
Linksys E8400 AC2400 Dual-Band Wi-Fi Router
Linksys E900-ME firmware version 1.0.06
Linksys E1500 firmware version 1.0.06 (build 1)
Linksys E3200 firmware version 1.0.05 (build 2)
Linksys E4200 firmware version 1.0.06 (build 3)
Linksys WRT54G2 firmware version 1.5.02 (build 5)
This list may not be accurate and/or complete!
No solution or patch is available as of 22nd
November, 2017. Information regarding this issue will be updated once solution
details are available. For details refer to http://www.linksys.com
|Copyright||Copyright (C) 2017 Greenbone Networks GmbH|