Vulnerability Details : CVE-2004-2606
The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled.
Products affected by CVE-2004-2606
- cpe:2.3:h:linksys:wrt54g:2.02.7:*:*:*:*:*:*:*
- cpe:2.3:h:linksys:befsr41_v3:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-2606
2.22%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 89 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-2606
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2004-2606
-
http://archives.neohapsis.com/archives/bugtraq/2004-06/0002.html
-
http://www.nwfusion.com/news/2004/0607confuse.html
-
http://archives.neohapsis.com/archives/bugtraq/2004-06/0190.html
-
http://www.securityfocus.com/archive/1/365175
-
http://www.securityfocus.com/bid/10441
Patch
-
http://archives.neohapsis.com/archives/bugtraq/2004-06/0020.html
-
http://archives.neohapsis.com/archives/bugtraq/2004-05/0316.html
-
http://web.archive.org/web/20040823075750/http://www.linksys.com/download/firmware.asp?fwid=201
Patch
-
ftp://ftp.linksys.com/pub/network/wrt54g_2.02.8_US_code_beta.zip
Patch
-
http://www.securityfocus.com/archive/1/365227/30/0/threaded
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/16274
Jump to