|
Belkin Wireless G Plus MIMO Router SaveCfgFile.cgi Information Disclosure
|
|
Secunia Advisory:
|
SA28554
|
|
|
Release Date:
|
2008-02-05
|
|
Popularity:
|
5,984 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Exposure of sensitive information
|
|
Where:
|
From local network
|
|
Solution Status:
|
Unpatched
|
|
| OS: | Belkin Wireless G Plus MIMO Router F5D9230xx4
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2008-0403
|
|
Description:
DarkFig has reported a vulnerability in Belkin Wireless G Plus MIMO Router, which can be exploited by malicious people to disclose sensitive information.
The vulnerability is caused due to missing authentication checks when accessing the SaveCfgFile.cgi script, which can be exploited to disclose sensitive information like the router's password.
Note: If remote management is enabled, this can also be exploited from people outside the local network.
The vulnerability is reported in Belkin Wireless G Plus MIMO Router F5D9230xx4 with version v3xxx and v5xxx.
Solution:
Restrict access to the device or use it in trusted network environments only.
Reportedly, the vendor is working on a fix. A fixed beta version should be available soon, a final version is planned to be released before end of February.
Provided and/or discovered by:
DarkFig
Original Advisory:
http://milw0rm.com/exploits/4941
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
