CVE-2024-1405: Linksys WRT54GL Web Management Interface wlaninfo.htm information disclosure
Description
A vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253329 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Es wurde eine Schwachstelle in Linksys WRT54GL 4.30.18 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /wlaninfo.htm der Komponente Web Management Interface. Durch Beeinflussen mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Exploit steht zur öffentlichen Verfügung.
Classification
CVE ID: CVE-2024-1405
CVSS Base Severity: MEDIUM
CVSS Base Score: 4.3
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Problem Types
CWE-200 Information DisclosureAffected Products
Vendor: Linksys
Product: WRT54GL
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.03% (probability of being exploited)
EPSS Percentile: 7.9% (scored less or equal to compared to others)
EPSS Date: 2025-06-13 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: partial
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2024-1405https://vuldb.com/?id.253329
https://vuldb.com/?ctiid.253329
https://github.com/leetsun/Hints/tree/main/linksys-wrt54gl/2