Secunia Advisory: SA33032
Release Date: 2008-12-08
Critical: Highly critical
Impact: Exposure of system information
Exposure of sensitive information
System access
Where: From remote
Solution Status: Vendor Patch
OS: Linksys WVC54GC
Description:
A security issue and a vulnerability have been reported in Linksys WVC54GC, which can be exploited by malicious people to disclose system and sensitive information and to compromise a user's system.
1) A security issue is caused due to the device sending certain information (e.g. login credentials and wireless network connection information, including WEP and WPA keys) in plain text after receiving a certain packet on port 916/UDP. This can be exploited to gain access to sensitive information by sending a specially crafted packet to a vulnerable device.
2) A vulnerability is caused due to a boundary error in the "SetSource()" method of the NetCamPlayerWeb11gv2 ActiveX control (NetCamPlayerWeb11gv2.ocx). This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into visiting a malicious website.
The security issue and the vulnerability are reported in versions prior to 1.25.
Solution:
Update to version 1.25.
Bollettino Sicurezza
Trattasi di Videocamera compatta Wireless
Release Date: 2008-12-08
Critical: Highly critical
Impact: Exposure of system information
Exposure of sensitive information
System access
Where: From remote
Solution Status: Vendor Patch
OS: Linksys WVC54GC
Description:
A security issue and a vulnerability have been reported in Linksys WVC54GC, which can be exploited by malicious people to disclose system and sensitive information and to compromise a user's system.
1) A security issue is caused due to the device sending certain information (e.g. login credentials and wireless network connection information, including WEP and WPA keys) in plain text after receiving a certain packet on port 916/UDP. This can be exploited to gain access to sensitive information by sending a specially crafted packet to a vulnerable device.
2) A vulnerability is caused due to a boundary error in the "SetSource()" method of the NetCamPlayerWeb11gv2 ActiveX control (NetCamPlayerWeb11gv2.ocx). This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into visiting a malicious website.
The security issue and the vulnerability are reported in versions prior to 1.25.
Solution:
Update to version 1.25.
Bollettino Sicurezza
Trattasi di Videocamera compatta Wireless