Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi.
References
Link | Resource |
---|---|
http://secunia.com/advisories/40103 | Broken Link |
http://tools.cisco.com/security/center/viewAlert.x?alertId=20682 | Broken Link Vendor Advisory |
http://www.icysilence.org/?p=268 | Exploit |
http://www.securityfocus.com/archive/1/511733/100/0/threaded | Broken Link Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/40648 | Broken Link Third Party Advisory VDB Entry |
http://www.vupen.com/english/advisories/2010/1419 | Broken Link |
https://exchange.xforce.ibmcloud.com/vulnerabilities/59286 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
History
13 Feb 2024, 16:43
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
CWE | CWE-798 | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/59286 - Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/40103 - Broken Link | |
References | (CONFIRM) http://tools.cisco.com/security/center/viewAlert.x?alertId=20682 - Broken Link, Vendor Advisory | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/511733/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | (BID) http://www.securityfocus.com/bid/40648 - Broken Link, Third Party Advisory, VDB Entry | |
References | (VUPEN) http://www.vupen.com/english/advisories/2010/1419 - Broken Link | |
First Time |
Linksys wap54g Firmware
Linksys wap54g |
|
CPE | cpe:2.3:h:linksys:wap54gv3:3.05.03:*:*:*:*:*:*:* |
cpe:2.3:o:linksys:wap54g_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:linksys:wap54g:3:*:*:*:*:*:*:* |
Information
Published : 2010-06-10 00:30
Updated : 2024-02-28 11:41
NVD link : CVE-2010-1573
Mitre link : CVE-2010-1573
CVE.ORG link : CVE-2010-1573
JSON object : View
Products Affected
linksys
- wap54g
- wap54g_firmware
CWE
CWE-798
Use of Hard-coded Credentials