Remote Command Execution Vulnerability in Linksys WAP54Gv3
CVE-2010-2261

Currently unrated

Key Information:

Vendor: Linksys
Status: Wap54gv3
Vendor: CVE Published:; 10 June 2010

Summary

The Linksys WAP54Gv3 firmware versions 3.04.03 and earlier are susceptible to a remote command execution vulnerability. Attackers can exploit this flaw by sending crafted requests that include shell metacharacters in the data2 and data3 parameters to the Debug_command_page.asp and debug.cgi scripts. This vulnerability provides unauthorized users with the ability to execute arbitrary commands on the device, potentially leading to a complete compromise of the network associated with the vulnerable access point.

References

http://www.securityfocus.com/archive/1/511733/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Jun 10, 2010
Vulnerability Reserved
Jun 9, 2010