Linksys WRT54GS POST Request Configuration Change Authentication Bypass Vulnerability

Linksys WRT54GS is prone to an authentication-bypass vulnerability. Reportedly, the device permits changes in its configuration settings without requring authentication.

Linksys WRT54GS is prone to an authentication-bypass vulnerability. The problem presents itself when a victim user visits a specially crafted web page on an attacker-controlled site. An attacker can exploit this vulnerability to bypass authentication and modify the configuration settings of the device.

This issue is reported to affect firmware version 1.00.9; other firmware versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus