CVE-2008-4390

HIGH

Cisco Linksys WVC54GC Firmware < 1.25 - Cleartext Transmission of Sensitive Information via Setup Wizard

Title source: llm

Description

The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by sniffing the network.

References (5)

Core 5

Core References

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/32666

Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/528993

Third Party Advisory, US Government Resource x_refsource_confirm

http://www.kb.cert.org/vuls/id/MAPG-7HJKSA

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/33032

Product x_refsource_confirm

http://www.linksys.com/servlet/Satellite?blobcol=urldata&blobheadername1=Content-Type&blobheadername2=Content-Disposition&blobheadervalue1=text%2Fplain&blobheadervalue2=inline%3B+filename%3DWVC54GC-V1.0_non-RoHS-v1.25_fw_ver.txt&blobkey=id&blobtable=MungoBlobs&blobwhere=1193776031728&ssbinary=true&lid=8104724130B17

Scores

CVSS v3 7.5

EPSS 0.0329

EPSS Percentile 86.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-319

Status published

Products (1)

cisco/linksys_wvc54gc_firmware < 1.25

Published Dec 09, 2008

Tracked Since Feb 18, 2026