HOMEIT SecurityMeasures for Information Security VulnerabilitiesIPA/ISEC:Vulnerabilities:Security Alert for Vulnerability in Cisco Linksys WRT54GC
Published: Jan 21, 2011
>> JAPANESE
Information-technology Promotion Agency, Japan (IPA, Chairman Kazumasa Fujie) has issued a security alert concerning security vulnerability in Cisco Linksys WRT54GC on January 21, 2011.
To fix this vulnerability, update the firmware to the fixed one provided by the developer.
Cisco Linksys WRT54GC is a router to interconnect the networks developed by Cisco Systems, Inc. Cisco Linksys WRT54GC is vulnerable to buffer overflow due to a flaw in processing the maliciously crafted HTTP requests. If exploited, the vulnerability could allow an attacker to render Cisco Linksys WRT54GC unresponsive.
Get the fixed version at the following URL and update the software.:
http://tools.cisco.com/security/center/viewAlert.x?alertId=22228
For the latest information, refer to the following URL:
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000007
The IPA first received a report concerning this vulnerability through the creditee below and the JPCERT Coordination Center (JPCERT/CC), in line with the Information Security Early Warning Partnership, made adjustments to clarify the matter with the vendor, and made the announcement public on January 21, 2011.
Yuji Ukai / Fourteenforty Research Institute, Inc. | (Reported: August 17, 2009) |
An attacker could render Cisco Linksys WRT54GC unresponsive.
To fix this vulnerability, update the firmware to the fixed one provided by the developer.
Severity Rating (CVSS base score) |
□ Low (0.0~3.9) |
□ Medium (4.0~6.9) |
■ High (7.0~10.0) |
---|---|---|---|
CVSS base score | 7.8 |
AV:Access Vector | □ Local | □ Adjacent Network |
■ Network |
---|---|---|---|
AC:Access Complexity | □ High | □ Medium | ■ Low |
Au:Authentication | □ Multiple | □ Single | ■ None |
C:Confidentiality Impact | ■ None | □ Partial | □ Complete |
I:Integrity Impact | ■ None | □ Partial | □ Complete |
A:Availability Impact | □ None | □ Partial | ■ Complete |
■:Selected Values
This vulnerability has been CWE classified as "Buffer Errors (CWE-119)".
IT Security Center,
Information-technology Promotion Agency, Japan (ISEC/IPA)
E-mail: