Intrusion Prevention

Linksys.Routers.Gozila.CGI.DoS

Description

Multiple Linksys routers have a denial of service vulnerability. A remote attacker could crash the appliance by sending a specially crafted HTTP POST request with overly large "sysPasswd", "sysPasswdConfirm" and "DomainName" parameters to the "Gozila.cgi" script.

Affected Products

Linksys EtherFast BEFSR11 any version
Linksys EtherFast BEFSR41 3
Linksys EtherFast BEFSR81 1
Linksys EtherFast BEFSR81 3
Linksys EtherFast BEFSRU31 any version
Linksys EtherFast BEFSX41 any version
Linksys EtherFast BEFW11S4 3
Linksys EtherFast BEFW11S4 4

Impact

Denial of Service

Recommended Actions

Linksys EtherFast BEFSX41 router:
Upgrade to the latest firmware version (1.42.7 or later):
http://www.linksys.com/
Other:
Currently we are not aware of any vendor-supplied patches for this issue.
http://www.linksys.com/
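
For models without a vendor patch, a filtering proxy or log-review job in front of the management interface can flag the request pattern described above. The following check is an added example, not vendor or signature code; the 64-character limit, the function names and the sample requests are assumptions constructed for illustration, since the advisory gives no exact length.

```python
from urllib.parse import parse_qsl

# Parameters named in the advisory.
WATCHED = ("sysPasswd", "sysPasswdConfirm", "DomainName")
MAX_LEN = 64  # assumed threshold; the advisory states no exact limit


def split_request(raw: bytes):
    """Return (method, target, body) from a raw HTTP/1.x request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    parts = request_line.split()
    method, target = (parts[0], parts[1]) if len(parts) >= 2 else ("", "")
    return method.upper(), target, body


def oversized_gozila_params(raw: bytes, max_len: int = MAX_LEN) -> dict:
    """Map each watched parameter that exceeds max_len to its decoded length.

    Returns an empty dict for anything that is not a POST to Gozila.cgi.
    """
    method, target, body = split_request(raw)
    path = target.split("?", 1)[0]
    if method != "POST" or not path.lower().endswith("gozila.cgi"):
        return {}
    hits = {}
    pairs = parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    for name, value in pairs:
        name = name.strip()  # tolerate stray whitespace around the name
        if name in WATCHED and len(value) > max_len:
            # Keep the largest value if a parameter is repeated.
            hits[name] = max(len(value), hits.get(name, 0))
    return hits


# Constructed sample requests (192.0.2.1 is a documentation address).
HEAD = b"POST /Gozila.cgi HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n"
BENIGN = HEAD + b"sysPasswd=hunter2&sysPasswdConfirm=hunter2&DomainName=lan"
OVERSIZED = (HEAD + b"sysPasswd=" + b"A" * 500
             + b"&sysPasswdConfirm=ok&DomainName=" + b"B" * 300)
OTHER_PATH = b"POST /apply.cgi HTTP/1.1\r\n\r\nDomainName=" + b"C" * 300

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("oversized", OVERSIZED)):
        print(label, oversized_gozila_params(req) or "ok")
```

A non-empty result is a reason to drop or alert on the request before it reaches the router.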