iDEFENSE Security Advisory 09.13.05 - Remote exploitation of a design error in the upgrade.cgi component of Cisco Systems Inc.'s Linksys WRT54G wireless router may allow unauthenticated modification of the router firmware. The vulnerability specifically exists in the POST method of the upgrade.cgi handler. The httpd running on the internal interfaces, including by default the wireless interface, does not check if authentication has failed until after data supplied by an external user has been processed. The upgrade.cgi handler allows a user to upload new firmware, which contains the operating system and applications, into the non-volatile memory of the router. iDEFENSE has confirmed the existence of this vulnerability in version 3.01.03 of the firmware of the Linksys WRT54G wireless router, and has identified the same code is present in versions 3.03.6 and 4.00.7. All versions prior to 4.20.7 may be affected.
579720bc1784ef15c6e2733f48c794db8088d0e54246933e0848b20b06762808