CVE-2008-4390 : The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a

The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by sniffing the network.

Published 2008-12-09 00:30:00

Updated 2024-01-25 20:50:11

Source CERT/CC

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2008-4390

Probability of exploitation activity in the next 30 days: 0.30%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 66 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-4390

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2008-4390

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)
CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-4390

http://www.kb.cert.org/vuls/id/MAPG-7HJKSA

VU#528993 - Linksys WVC54GC wireless video camera vulnerable to information disclosure
Third Party Advisory;US Government Resource
http://www.kb.cert.org/vuls/id/528993

VU#528993 - Linksys WVC54GC wireless video camera vulnerable to information disclosure
Patch;Third Party Advisory;US Government Resource
http://www.securityfocus.com/bid/32666

Broken Link;Third Party Advisory;VDB Entry
http://www.linksys.com/servlet/Satellite?blobcol=urldata&blobheadername1=Content-Type&blobheadername2=Content-Disposition&blobheadervalue1=text%2Fplain&blobheadervalue2=inline%3B+filename%3DWVC54GC-V1.0_non-RoHS-v1.25_fw_ver.txt&blobkey=id&blobtable=MungoBlobs&blobwhere=1193776031728&ssbinary=true&lid=8104724130B17

Sites-LINKUS-Site
Product
http://secunia.com/advisories/33032

About Secunia Research | Flexera
Broken Link

Products affected by CVE-2008-4390

Cisco » Linksys Wvc54gc Firmware
Versions before (<) 1.25
cpe:2.3:o:cisco:linksys_wvc54gc_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Linksys Wvc54gc » Version: N/A

Vulnerability Details : CVE-2008-4390

Exploit prediction scoring system (EPSS) score for CVE-2008-4390

CVSS scores for CVE-2008-4390

CWE ids for CVE-2008-4390

References for CVE-2008-4390

Products affected by CVE-2008-4390