Secunia Security Advisory - pagvac has reported some vulnerabilities in Linksys WVC54GCA, which can be exploited by malicious people to disclose sensitive information or conduct cross-site scripting attacks, and by malicious users to bypass certain security restrictions.
7a97199b3049c6372eb6b8468485d949bfe330f843fe277fb80126d928069a81
----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia
report for 2008.
Highlights from the 2008 report:
* Vulnerability Research
* Software Inspection Results
* Secunia Research Highlights
* Secunia Advisory Statistics
Request the full 2008 Report here:
http://secunia.com/advisories/try_vi/request_2008_report/
Stay Secure,
Secunia
----------------------------------------------------------------------
TITLE:
Linksys WVC54GCA Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA34767
VERIFY ADVISORY:
http://secunia.com/advisories/34767/
DESCRIPTION:
pagvac has reported some vulnerabilities in Linksys WVC54GCA, which
can be exploited by malicious people to disclose sensitive
information or conduct cross-site scripting attacks, and by malicious
users to bypass certain security restrictions.
1) The device sends e.g. login credentials in plain text after
receiving a specially crafted UDP packet.
This is related to vulnerability #1 in:
SA33032
2) Input passed to the "next_file" parameter in img/main.cgi is not
properly verified before being used to read files. This can be
exploited to read the .htpasswd file from the current directory and
disclose the administrator's password.
Successful exploitation of this vulnerability requires valid user
credentials.
3) Input passed to the "next_file" parameter in img/main.cgi,
main.cgi, and adm/file.cgi is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.
The vulnerabilities are reported in firmware versions 1.00R22 and
1.00R24. Other versions may also be affected.
SOLUTION:
Use the product in trusted networks only.
Filter malicious characters and character sequences in a web proxy.
PROVIDED AND/OR DISCOVERED BY:
pagvac
ORIGINAL ADVISORY:
http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-1/
http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-2/
http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-4/
OTHER REFERENCES:
SA33032:
http://secunia.com/advisories/33032/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------