Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1556

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2009-1556
Last Modified 23 May 2009 01:31:46
Published 06 May 2009 12:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2009-1556

Summary

img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote authenticated users to read arbitrary files in img/ via a filename in the next_file parameter, as demonstrated by reading .htpasswd to obtain the admin password, a different vulnerability than CVE-2004-2507.

Vulnerable Systems


References

VUPEN - ADV-2009-1173

BID - 34629

MISC - http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-2/

SECUNIA - 34767


Last Updated: 27 May 2016 10:50:36