CVE-2008-1263

The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.gnucitizen.org/projects/router-hacking-challenge/	Exploit
http://www.securityfocus.com/archive/1/489009/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/41115
http://www.gnucitizen.org/projects/router-hacking-challenge/	Exploit
http://www.securityfocus.com/archive/1/489009/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/41115

Configurations

Configuration 1 (hide)

cpe:2.3:h:linksys:wrt54g:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:44

Type	Values Removed	Values Added
References	~~() http://www.gnucitizen.org/projects/router-hacking-challenge/ - Exploit~~	() http://www.gnucitizen.org/projects/router-hacking-challenge/ - Exploit
References	~~() http://www.securityfocus.com/archive/1/489009/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/489009/100/0/threaded -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/41115 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/41115 -

Information

Published : 2008-03-10 17:44

Updated : 2024-11-21 00:44

NVD link : CVE-2008-1263

Mitre link : CVE-2008-1263

CVE.ORG link : CVE-2008-1263

JSON object : View

Products Affected

linksys

wrt54g

CWE

CWE-310

Cryptographic Issues

{"id": "CVE-2008-1263", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-03-10T17:44:00.000", "references": [{"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41115", "source": "cve@mitre.org"}, {"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41115", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI."}, {"lang": "es", "value": "El router Linksys WRT54G almacena contrase\u00f1as y claves en texto llano en el fichero Config.bin, lo cual permite a usuarios remotos autenticados obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n HTTP de la URI de nivel superior Config.bin."}], "lastModified": "2024-11-21T00:44:06.083", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:linksys:wrt54g:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBBECE9D-7805-4521-A0B1-15F2755312B8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}