CVE Vulnerability

CVE-2008-4390

The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by sniffing the network.

10 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://www.kb.cert.org/vuls/id/528993 Patch US Government Resource
http://www.linksys.com/servlet/Satellite?blobcol=urldata&blobheadername1=Content-Type&blobheadername2=Content-Disposition&blobheadervalue1=text%2Fplain&blobheadervalue2=inline%3B+filename%3DWVC54GC-V1.0_non-RoHS-v1.25_fw_ver.txt&blobkey=id&blobtable=MungoBlobs&blobwhere=1193776031728&ssbinary=true&lid=8104724130B17
http://www.kb.cert.org/vuls/id/MAPG-7HJKSA
http://secunia.com/advisories/33032
http://www.securityfocus.com/bid/32666
Configurations

Configuration 1

cpe:2.3:h:cisco:wvc54gc:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:wvc54gc:1.15:*:*:*:*:*:*:*
Information

Published : 2008-12-09 12:30

Updated : 2009-08-20 05:21

NVD link : CVE-2008-4390

Mitre link : CVE-2008-4390

Products Affected
No products.
CWE
CWE-319

Cleartext Transmission of Sensitive Information