{"vuid":"VU#930364","idnumber":"930364","name":"Linksys WRT54G routers do not properly validate user credentials","keywords":["Linksys","WRT54G","cross-site request forgery","router configuration","HTTP requests","validity checks"],"overview":"Linksys WRT54G routers do not properly validate user credentials before allowing configuration changes.","clean_desc":"The Linksys WRT54G is a broadband router that has an integrated wireless access point and Ethernet switch. The WRT54G router's configuration settings are controlled by a web interface that uses either HTTP or HTTPS. Before viewing configuration files, an administrator needs to supply valid credentials. The administrator's credentials are only used for viewing the device's configuration; the WRT54G does not require any credentials when making changes to configuration files. An attacker may be able to create a specially crafted web page that makes changes to the router's configuration when opened by anyone connected to the wireless or LAN ports of the router. The remote access feature on Linksys routers allows administration of the router from the WAN port. If remote administration is enabled on an affected device, an attacker on the Internet may be able to exploit this vulnerability by sending malformed commands to the web interface.","impact":"A remote, unauthenticated attacker could change the configuration of an affected router.","resolution":"There is currently no practical solution available to this problem.","workarounds":"Configure administrator password\nChanging the default password of the router may help prevent an attacker from exploiting this vulnerability after Linksys has supplied a patch.\nDisable remote access\nDisabling remote access may help mitigate this vulnerability.\nDo not open untrusted links\nAn attacker may be able to create a specially crafted URL or HTML page that exploits this vulnerability. Do not open or follow untrusted hyperlinks sent through email or instant messages.\nSecure your wireless network\nRestricting access to your wireless network may also mitigate this vulnerability. US-CERT Cyber Security Tip ST05-003 has instructions on how to secure your wireless network.","sysaffected":"","thanks":"This vulnerability was publicly reported by Ginsu Rabbit.","author":"This document was written by Ryan Giobbi.","public":["http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048495.html","http://secunia.com/advisories/21372/"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-08-16T16:47:08Z","publicdate":"2006-08-07T00:00:00Z","datefirstpublished":"2006-10-05T14:08:45Z","dateupdated":"2006-11-21T21:46:45Z","revision":52,"vrda_d1_directreport":"0","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"2","cam_population":"4","cam_impact":"16","cam_easeofexploitation":"15","cam_attackeraccessrequired":"5","cam_scorecurrent":"1.98","cam_scorecurrentwidelyknown":"1.98","cam_scorecurrentwidelyknownexploited":"3.78","ipprotocol":"tcp","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.98,"vulnote":null}