Unknown Functionality Vulnerability in Linksys WRT54GL Could Lead to Information Disclosure
CVE-2024-1404

4.3MEDIUM

Key Information:

Vendor: Linksys
Status: Wrt54gl
Vendor: CVE Published:; 9 February 2024

Badges

👾 Exploit Exists

What is CVE-2024-1404?

A vulnerability has been identified in the Linksys WRT54GL version 4.30.18, specifically within the Web Management Interface's /SysInfo.htm component, posing a risk of information disclosure. Malicious actors may exploit this vulnerability to gain unauthorized access to sensitive information. Despite early engagement, the vendor has not addressed this issue or provided any response regarding the vulnerability disclosure. Users of the affected model should take precautionary measures to secure their devices and monitor for potential exploits.

Affected Version(s)

WRT54GL 4.30.18

References

https://vuldb.com/?id.253328

vdb-entry

https://vuldb.com/?ctiid.253328

signaturepermissions-required

https://github.com/leetsun/Hints/tree/main/linksys-wrt54gl/1

exploit

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Feb 9, 2024
Vulnerability published
Feb 9, 2024
Vulnerability Reserved
Feb 9, 2024

Credit

leetsun (VulDB User)