CVE-2024-1404: Linksys WRT54GL Web Management Interface SysInfo.htm information disclosure
Description
A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as problematic. Affected by this issue is some unknown functionality of the file /SysInfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253328. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Eine Schwachstelle wurde in Linksys WRT54GL 4.30.18 gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /SysInfo.htm der Komponente Web Management Interface. Durch das Beeinflussen mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Exploit steht zur öffentlichen Verfügung.
Classification
CVE ID: CVE-2024-1404
CVSS Base Severity: MEDIUM
CVSS Base Score: 4.3
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Problem Types
CWE-200 Information DisclosureAffected Products
Vendor: Linksys
Product: WRT54GL
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.08% (probability of being exploited)
EPSS Percentile: 23.66% (scored less or equal to compared to others)
EPSS Date: 2025-06-13 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: partial
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2024-1404https://vuldb.com/?id.253328
https://vuldb.com/?ctiid.253328
https://github.com/leetsun/Hints/tree/main/linksys-wrt54gl/1