Vulnerability Note VU#528993

Linksys WVC54GC wireless video camera vulnerable to information disclosure

Original Release date: 05 Dec 2008 | Last revised: 05 Dec 2008

Overview

The Linksys WVC54GC wireless video camera insecurely sends initial configuration information over the network, which can allow a remote, unauthenticated attacker to intercept video streams, access wireless network authentication credentials, modify the device firmware, or cause a denial-of-service to the video camera.

Description

The Linksys WVC54GC wireless video camera uses 916/udp for remote management commands. When a certain packet is delivered to that port, the device responds with a packet that contains the majority of the device's configuration. This packet includes details such as username, password, wireless ssid, WEP key, WEP password, WPA key, and DNS server. This packet is sent over the network unencrypted, which can allow an attacker to obtain these details.

Impact

By delivering a specially crafted packet to 916/udp of an affected device, a remote, unauthenticated attacker may be able to obtain information to intercept video streams, access wireless network authentication credentials, modify the device firmware, or cause a denial-of-service to the video camera.

Solution

Apply an update

This vulnerability is addressed in WVC54GC firmware version 1.25. Please see the release notes for more details.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Linksys (A division of Cisco Systems)Affected15 Aug 200805 Dec 2008
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Thanks to Andre Protas of eEye for reporting this vulnerability, who in turn also credits Greg Linares of eEye.

This document was written by Will Dormann.

Other Information

  • CVE IDs: CVE-2008-4390
  • Date Public: 03 Jan 2008
  • Date First Published: 05 Dec 2008
  • Date Last Updated: 05 Dec 2008
  • Severity Metric: 1.59
  • Document Revision: 8

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.