Vulnerability Details : CVE-2004-2606
The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled.
Exploit prediction scoring system (EPSS) score for CVE-2004-2606
Probability of exploitation activity in the next 30 days: 3.96%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 91 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2004-2606
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2004-2606
-
http://archives.neohapsis.com/archives/bugtraq/2004-06/0002.html
-
http://www.nwfusion.com/news/2004/0607confuse.html
-
http://archives.neohapsis.com/archives/bugtraq/2004-06/0190.html
-
http://www.securityfocus.com/archive/1/365175
-
http://www.securityfocus.com/bid/10441
Patch
-
http://archives.neohapsis.com/archives/bugtraq/2004-06/0020.html
-
http://archives.neohapsis.com/archives/bugtraq/2004-05/0316.html
-
http://web.archive.org/web/20040823075750/http://www.linksys.com/download/firmware.asp?fwid=201
Patch
-
ftp://ftp.linksys.com/pub/network/wrt54g_2.02.8_US_code_beta.zip
Patch
-
http://www.securityfocus.com/archive/1/365227/30/0/threaded
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/16274
Products affected by CVE-2004-2606
- cpe:2.3:h:linksys:wrt54g:2.02.7:*:*:*:*:*:*:*
- cpe:2.3:h:linksys:befsr41_v3:*:*:*:*:*:*:*:*