Test ID:	1.3.6.1.4.1.25623.1.0.812040
Category:	Web application abuses
Title:	Linksys Devices Multiple Vulnerabilities
Summary:	Multiple Linksys devices are prone to multiple vulnerabilities.
Description:	Summary: Multiple Linksys devices are prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - A crafted GET request can reboot the whole device or freeze the web interface and the DHCP service. This action does not require authentication. - An error in the web service, so a header injection can be triggered without authentication. - The session ID for administrative users can be fetched from the device from LAN without credentials because of insecure session handling. - An attacker can change any configuration of the device by luring a user to click on a malicious link or surf to a malicious web-site. - Insufficient validation of user input in Admin Interface. Vulnerability Impact: Successful exploitation will allow remote attackers to conduct a denial-of-service, HTTP header injection, open redirect, information disclosure, CSRF and XSS attacks on the affected device. Affected Software/OS: Linksys E2500 firmware version 3.0.02 (build 2) Linksys E900 firmware version 1.0.06 Linksys E1200 firmware version 2.0.07 (build 5) Linksys E8400 AC2400 Dual-Band Wi-Fi Router Linksys E900-ME firmware version: 1.0.06 Linksys E1500 firmware version: 1.0.06 (build 1) Linksys E3200 firmware version: 1.0.05 (build 2) Linksys E4200 firmware version: 1.0.06 (build 3) Linksys WRT54G2 firmware version: 1.5.02 (build 5) This list may not be accurate and/or complete! Solution: Update to the latest available firmware. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.