CVE-2010-1573

Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:linksys:wap54g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:linksys:wap54g:3:*:*:*:*:*:*:*

History

13 Feb 2024, 16:43

Type Values Removed Values Added
CVSS v2 : 10.0
v3 : unknown
v2 : 10.0
v3 : 9.8
CWE CWE-255 CWE-798
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/59286 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/59286 - Third Party Advisory, VDB Entry
References (SECUNIA) http://secunia.com/advisories/40103 - (SECUNIA) http://secunia.com/advisories/40103 - Broken Link
References (CONFIRM) http://tools.cisco.com/security/center/viewAlert.x?alertId=20682 - Vendor Advisory (CONFIRM) http://tools.cisco.com/security/center/viewAlert.x?alertId=20682 - Broken Link, Vendor Advisory
References (BUGTRAQ) http://www.securityfocus.com/archive/1/511733/100/0/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/511733/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References (BID) http://www.securityfocus.com/bid/40648 - (BID) http://www.securityfocus.com/bid/40648 - Broken Link, Third Party Advisory, VDB Entry
References (VUPEN) http://www.vupen.com/english/advisories/2010/1419 - (VUPEN) http://www.vupen.com/english/advisories/2010/1419 - Broken Link
First Time Linksys wap54g Firmware
Linksys wap54g
CPE cpe:2.3:h:linksys:wap54gv3:*:*:*:*:*:*:*:*
cpe:2.3:h:linksys:wap54gv3:3.05.03:*:*:*:*:*:*:*
cpe:2.3:o:linksys:wap54g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:linksys:wap54g:3:*:*:*:*:*:*:*

Information

Published : 2010-06-10 00:30

Updated : 2024-02-28 11:41


NVD link : CVE-2010-1573

Mitre link : CVE-2010-1573

CVE.ORG link : CVE-2010-1573


JSON object : View

Products Affected

linksys

  • wap54g
  • wap54g_firmware
CWE
CWE-798

Use of Hard-coded Credentials