Unauthorized Configuration Changes in Linksys WRT54g Firmware by Remote Attackers
CVE-2006-5202

Currently unrated

Key Information:

Vendor: Linksys
Status: Wrt54g
Vendor: CVE Published:; 10 October 2006

What is CVE-2006-5202?

The Linksys WRT54g firmware version 1.00.9 contains a vulnerability that allows remote attackers to modify the router's configuration without requiring any authentication. By crafting a specific direct request to the Security.tri file, an attacker can exploit this flaw to alter security settings, such as SecurityMode and layout parameters. This exposes the device to unauthorized access and potential further attacks.

References

http://www.securityfocus.com/bid/19347

vdb-entryx_refsource_BID

https://kinqpinz.info/lib/wrt54g/

x_refsource_MISC

http://lists.grok.org.uk/pipermail/full-disclosure/2006-A...

mailing-listx_refsource_FULLDISC

EPSS Score

18% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 10, 2006
Vulnerability Reserved
Oct 9, 2006