CVE-2005-2916
Linksys WRT54G 3.01.03, 3.03.6, 4.00.7 - Unauthenticated Configuration Modification and Firmware Upload
Title source: llmDescription
Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi.
References (2)
Core 2
Core References
Patch, Vendor Advisory third-party-advisory
x_refsource_idefense
http://www.idefense.com/application/poi/display?id=306&type=vulnerabilities
Patch, Vendor Advisory third-party-advisory
x_refsource_idefense
http://www.idefense.com/application/poi/display?id=307&type=vulnerabilities
Scores
EPSS
0.0048
EPSS Percentile
65.1%
Details
Status
published
Products (3)
linksys/wrt54g
3.01.3
linksys/wrt54g
3.03.6
linksys/wrt54g
4.00.7
Published
Sep 14, 2005
Tracked Since
Feb 18, 2026