Unauthorized Configuration Changes in Linksys WRT54g Firmware by Remote Attackers
CVE-2006-5202

Currently unrated

Key Information:

Vendor: Linksys
Status: Wrt54g
Vendor: CVE Published:; 10 October 2006

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 28%

What is CVE-2006-5202?

The Linksys WRT54g firmware version 1.00.9 contains a vulnerability that allows remote attackers to modify the router's configuration without requiring any authentication. By crafting a specific direct request to the Security.tri file, an attacker can exploit this flaw to alter security settings, such as SecurityMode and layout parameters. This exposes the device to unauthorized access and potential further attacks.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2006-5202 - Proof of Concept

References

http://www.securityfocus.com/bid/19347

vdb-entryx_refsource_BID

https://kinqpinz.info/lib/wrt54g/

x_refsource_MISC

http://lists.grok.org.uk/pipermail/full-disclosure/2006-A...

mailing-listx_refsource_FULLDISC

EPSS Score

28% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Oct 10, 2006
👾
Exploit known to exist
Oct 10, 2006
Vulnerability published
Oct 10, 2006
Vulnerability Reserved
Oct 9, 2006

CVE-2006-5202 Data

JSON