IPA/ISEC:Vulnerabilities:Security Alert for Vulnerability in Cisco Linksys WRT54GC

Published: Jan 21, 2011

The Information-technology Promotion Agency, Japan (IPA, Chairman Kazumasa Fujie) issued a security alert concerning a security vulnerability in Cisco Linksys WRT54GC on January 21, 2011.
To fix this vulnerability, update to the fixed firmware provided by the developer.

1.Overview

Cisco Linksys WRT54GC is a router, developed by Cisco Systems, Inc., that interconnects networks. Cisco Linksys WRT54GC is vulnerable to a buffer overflow caused by a flaw in how it processes maliciously crafted HTTP requests. If exploited, the vulnerability could allow an attacker to render Cisco Linksys WRT54GC unresponsive.

Get the fixed version at the following URL and update the software:
http://tools.cisco.com/security/center/viewAlert.x?alertId=22228

For the latest information, refer to the following URL:
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000007

IPA first received a report of this vulnerability from the reporter credited below. In line with the Information Security Early Warning Partnership, the JPCERT Coordination Center (JPCERT/CC) coordinated with the vendor to clarify the matter, and the announcement was made public on January 21, 2011.

Yuji Ukai / Fourteenforty Research Institute, Inc. (Reported: August 17, 2009)

2.Impact

An attacker could render Cisco Linksys WRT54GC unresponsive.

3.Solution

To fix this vulnerability, update to the fixed firmware provided by the developer.

4.CVSS Severity

(1)Evaluation Result

Severity Rating (CVSS base score): □ Low (0.0~3.9) □ Medium (4.0~6.9) ■ High (7.0~10.0)
CVSS base score: 7.8

(2) Base Score Metrics

AV:Access Vector □ Local □ Adjacent Network ■ Network
AC:Access Complexity □ High □ Medium ■ Low
Au:Authentication □ Multiple □ Single ■ None
C:Confidentiality Impact ■ None □ Partial □ Complete
I:Integrity Impact ■ None □ Partial □ Complete
A:Availability Impact □ None □ Partial ■ Complete

■:Selected Values

5.CWE Type

This vulnerability has been CWE classified as "Buffer Errors (CWE-119)".

Contact

IT Security Center,
Information-technology Promotion Agency, Japan (ISEC/IPA)
E-mail: