提出 #276024: Linksys WRT54GL Wireless-G WiFi Router v4.30.18 Incorrect Access Control情報

タイトルLinksys WRT54GL Wireless-G WiFi Router v4.30.18 Incorrect Access Control
説明# Info Leak in Linksys-WRT54GL Router ## Overview * Type: Information leak * Supplier: Linksys * Product: WRT54GL Wireless-G WiFi Router * Affect version: (lastest) v4.30.18 * Firmware download: https://downloads.linksys.com/downloads/firmware/FW_WRT54GL_4.30.18.006_US_20160108.bin ## Description An information leaking vulnerability is at the web management interface of the affected routers. Without any permission, an attacker can get sensitive information such as RAM size and MAC address from the victim URL. The victim URL is a hidden interface and isn't been protected by authentication. ## Business Impact The leaked information is sensitive and could result in serious damage. Thus the vulnerability is very dangerous which could also result in reputational damage for the business through the impact on customers' trust. ## Steps to Reproduce Visit the victim URL from the web, such sensitive information as RAM size, mac address, and some configurations are exposed.
ソース⚠️ https://github.com/leetsun/Hints/tree/main/linksys-wrt54gl/3
ユーザー
 leetsun (UID 39457)
送信2024年02月01日 05:53 (2 年 ago)
モデレーション2024年02月09日 17:13 (8 days later)
ステータス承諾済み
VulDBエントリ253330 [Linksys WRT54GL 4.30.18 Web Management Interface /SysInfo1.htm 情報漏えい]
ポイント20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!