Overview
The Linksys WVC54GC wireless video camera insecurely sends initial configuration information over the network, which can allow a remote, unauthenticated attacker to intercept video streams, access wireless network authentication credentials, modify the device firmware, or cause a denial-of-service to the video camera.
Description
The Linksys WVC54GC wireless video camera uses 916/udp for remote management commands. When a certain packet is delivered to that port, the device responds with a packet that contains the majority of the device's configuration. This packet includes details such as username, password, wireless ssid, WEP key, WEP password, WPA key, and DNS server. This packet is sent over the network unencrypted, which can allow an attacker to obtain these details. |
Impact
By delivering a specially crafted packet to 916/udp of an affected device, a remote, unauthenticated attacker may be able to obtain information to intercept video streams, access wireless network authentication credentials, modify the device firmware, or cause a denial-of-service to the video camera. |
Solution
Apply an update This vulnerability is addressed in WVC54GC firmware version 1.25. Please see the release notes for more details. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Thanks to Andre Protas of eEye for reporting this vulnerability, who in turn also credits Greg Linares of eEye.
This document was written by Will Dormann.
Other Information
| CVE IDs: | CVE-2008-4390 |
| Severity Metric: | 1.59 |
| Date Public: | 2008-01-03 |
| Date First Published: | 2008-12-05 |
| Date Last Updated: | 2008-12-05 22:18 UTC |
| Document Revision: | 10 |