---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: Linksys WRT54G Security Bypass Vulnerability SECUNIA ADVISORY ID: SA29344 VERIFY ADVISORY: http://secunia.com/advisories/29344/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From local network OPERATING SYSTEM: Linksys WRT54G Wireless-G Broadband Router http://secunia.com/product/3523/ DESCRIPTION: meathive has reported a vulnerability in Linksys WRT54G, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to improper authorization checks when performing administrative actions via the web interface. This can be exploited to perform restricted actions by directly accessing Basic.tri, factdefa.tri, manage.tri, WBasic.tri, WFilter.tri, dmz.tri, ddns.tri, WanMac.tri, AdvRoute.tri, Advanced.tri, fw.tri, vpn.tri, filter.tri, PortRange.tri, ptrigger.tri, qos.tri, ctlog.tri, ping.tri, tracert.tri, or rstatus.tri. The vulnerability is reported in firmware version 1.00.9. Other versions may also be affected. SOLUTION: Install updated firmware versions. WRT54G v5/v6: Install version 1.02.5. WRT54G v8: Install version 8.00.5. WRT54G v8.2: Install version 8.2.05. PROVIDED AND/OR DISCOVERED BY: meathive ORIGINAL ADVISORY: http://kinqpinz.info/lib/wrt54g/own.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------