File Reading Vulnerability in Cisco Linksys Wireless Video Camera
CVE-2009-1556

Currently unrated

Key Information:

Vendor: Cisco
Status: Wvc54gca
Vendor: CVE Published:; 6 May 2009

Summary

The Cisco Linksys WVC54GCA wireless video camera allows remote authenticated users to exploit a vulnerability in the img/main.cgi script. By manipulating the next_file parameter, attackers can read arbitrary files from the camera's filesystem, potentially exposing sensitive information such as the admin password stored in the .htpasswd file. This flaw highlights the importance of securing device access and minimizing the attack surface by restricting file access capabilities.

References

http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras...

x_refsource_MISC

http://www.vupen.com/english/advisories/2009/1173

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/34767

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
May 6, 2009
Vulnerability Reserved
May 6, 2009