Web Interface Vulnerability in Linksys WAP54Gv3 by Cisco Systems
CVE-2010-1573

9.8CRITICAL

Key Information:

Vendor
Linksys
Status
Wap54gv3
Vendor
CVE Published:
10 June 2010

Summary

The Linksys WAP54Gv3 firmware 3.04.03 and earlier versions contain a severe vulnerability due to the use of hard-coded credentials for a debug interface. This issue allows remote attackers to exploit parameters in specific web pages, namely 'Debug_command_page.asp' and 'debug.cgi', to execute arbitrary commands. By leveraging this vulnerability, attackers can gain unauthorized control over the device, compromising network security and potentially leading to further exploits or data breaches.

References

http://www.icysilence.org/?p=268
x_refsource_MISC
http://www.vupen.com/english/advisories/2010/1419
vdb-entryx_refsource_VUPEN
http://www.securityfocus.com/bid/40648
vdb-entryx_refsource_BID

EPSS Score

14% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.