Summary
Multiple Cisco Linksys products are prone to a security-bypass vulnerability.
Impact
Exploiting this issue could allow an attacker to bypass certain security restrictions and gain unauthorized access to the affected device.
Solution
Updates are available
Insight
The device listens on port 8083 with the same interface as port 80, but completely circumvents HTTP/S authentication granting admin privileges on the device.
Affected
Cisco Linksys EA2700 running firmware 1.0.14
Cisco Linksys EA3500 running firmware 1.0.30
Cisco Linksys E4200 running firmware 2.0.36
Cisco Linksys EA4500 running firmware 2.0.36
Detection
Connect to port 8083 and check the response.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-5122 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- 4psa Voipnow Local File Inclusion Vulnerability
- Ad Manager Pro Multiple SQL Injection And XSS Vulnerabilities
- AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities
- Apache Archiva Multiple Remote Command Execution Vulnerabilities
- Apple Safari RSS Feed Information Disclosure Vulnerability