Linksys WAG54G2 Web Management Console Remote Arbitrary Shell Command Injection Vulnerability

Linksys WAG54G2 Web Management Console Remote Arbitrary Shell Command Injection Vulnerability

Linksys WAG54G2 router is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.

Remote attackers can exploit this issue to execute arbitrary shell commands with superuser privileges. This may facilitate a complete compromise of the affected device.

Linksys WAG54G2 with firmware V1.00.10 is affected; other versions may also be vulnerable.

UPDATE (May 29, 2009): The reporter indicates that this issue may not be remotely exploitable if the administrator credentials have been changed from the default values.