CVE-2005-2799

Linksys WRT54G <4.20.7 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2005-2799. PoCs published by Metasploit, Raphael Rigo, including Metasploit module exploits/linux/http/linksys_wrt54gl_apply_exec.

AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in the Linksys WRT54G/GS routers' apply.cgi, allowing remote code execution via a crafted POST request. It targets multiple firmware versions and uses a MIPSLE payload.

Description

Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotehardware
https://www.exploit-db.com/exploits/16854

This Metasploit module exploits a stack buffer overflow in the Linksys WRT54G/GS routers' apply.cgi, allowing remote code execution via a crafted POST request. It targets multiple firmware versions and uses a MIPSLE payload.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Linksys WRT54G/GS routers (firmware versions prior to 4.20.7 and 1.05.2)
No auth needed
Prerequisites: Network access to the router's web interface · Vulnerable firmware version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Raphael Rigo · rubyremotecgi
https://www.exploit-db.com/exploits/10028

This Metasploit module exploits a stack overflow in the Linksys WRT54G and WRT54GS routers' apply.cgi. It targets a buffer overflow vulnerability (CVE-2005-2799) by sending a maliciously crafted POST request with a large payload to overwrite the return address and execute shellcode.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Linksys WRT54G (prior to 4.20.7) and WRT54GS (prior to 1.05.2)
No auth needed
Prerequisites: Network access to the target router · Vulnerable firmware version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC MANUAL
rubypocunix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/linksys_wrt54gl_apply_exec.rb

This Metasploit module exploits an authenticated OS command injection vulnerability in the Linksys WRT54GL router's web interface via the apply.cgi endpoint. It supports both command execution and MIPS payload delivery, with options to restore the original configuration post-exploitation.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Linksys WRT54GL (and possibly other models)
Auth required
Prerequisites: Network access to the router's web interface · Valid credentials (default: admin/admin or admin/password)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GREAT
rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/linksys_apply_cgi.rb

This Metasploit module exploits a stack buffer overflow in the Linksys WRT54G and WRT54GS routers' apply.cgi endpoint. It sends a malicious POST request with a crafted payload to overwrite the return address and execute arbitrary code.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Linksys WRT54G (prior to 4.20.7) and WRT54GS (prior to 1.05.2)
No auth needed
Prerequisites: Network access to the target device · apply.cgi endpoint exposed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Patch, Vendor Advisory third-party-advisory x_refsource_idefense
http://www.idefense.com/application/poi/display?id=305&type=vulnerabilities

Scores

EPSS 0.7142
EPSS Percentile 99.3%

Details

Status published
Products (2)
linksys/wrt54g 3.01.3
linksys/wrt54g 3.03.6
Published Sep 15, 2005
Tracked Since Feb 18, 2026