CVE-2009-1561

Published: May 6, 2009Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in administration.cgi on the Cisco Linksys WRT54GC router with firmware 1.05.7 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that change the administrator password via the sysPasswd and sysConfirmPasswd parameters.

Affected (1)

Products: Cisco: Wrt54gc

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Wrt54gc	Version 1.05.7

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (12)

http://archives.neohapsis.com/archives/bugtraq/2009-04/0198.html

Source: cve@mitre.org

http://packetstormsecurity.org/0904-exploits/linksysadmin-passwd.txt

Source: cve@mitre.org

Exploit

http://secunia.com/advisories/34805

Source: cve@mitre.org

Vendor Advisory

http://www.falandodeseguranca.com/?p=17

Source: cve@mitre.org

http://www.securityfocus.com/bid/34616

Source: cve@mitre.org

Exploit

http://www.vupen.com/english/advisories/2009/1172

Source: cve@mitre.org

Vendor Advisory

http://archives.neohapsis.com/archives/bugtraq/2009-04/0198.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://packetstormsecurity.org/0904-exploits/linksysadmin-passwd.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://secunia.com/advisories/34805

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.falandodeseguranca.com/?p=17

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/34616

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.vupen.com/english/advisories/2009/1172

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.