Shodan
Vulnerabilities
Vulnerable Software
Linksys:  >> Wrt54g  Security Vulnerabilities
CVE-2005-2799
Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request.
CVSS Score
7.5
EPSS Score
0.854
Published
2005-09-15
CVE-2005-2912
Linksys WRT54G router allows remote attackers to cause a denial of service (CPU consumption and server hang) via an HTTP POST request with a negative Content-Length value.
CVSS Score
5.0
EPSS Score
0.007
Published
2005-09-14
CVE-2005-2914
ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, does not use an authentication initialization function, which allows remote attackers to obtain encrypted configuration information and, if the key is known, modify the configuration.
CVSS Score
7.5
EPSS Score
0.008
Published
2005-09-14
CVE-2005-2915
ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, uses weak encryption (XOR encoding with a fixed byte mask) for configuration information, which could allow attackers to decrypt the information and possibly re-encrypt it in conjunction with CVE-2005-2914.
CVSS Score
5.0
EPSS Score
0.002
Published
2005-09-14
CVE-2005-2916
Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi.
CVSS Score
5.0
EPSS Score
0.005
Published
2005-09-14
CVE-2005-2434
Linksys WRT54G router uses the same private key and certificate for every router, which allows remote attackers to sniff the SSL connection and obtain sensitive information.
CVSS Score
5.0
EPSS Score
0.003
Published
2005-08-03
CVE-2004-2606
The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled.
CVSS Score
7.5
EPSS Score
0.026
Published
2004-12-31
CVE-2004-0580
DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7, does not properly clear previously used buffer contents in a BOOTP reply packet, which allows remote attackers to obtain sensitive information.
CVSS Score
5.0
EPSS Score
0.075
Published
2004-08-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved