CVE-2005-2434 - Vulnerability Details - OpenCVE

Description

Linksys WRT54G router uses the same private key and certificate for every router, which allows remote attackers to sniff the SSL connection and obtain sensitive information.

Published: 2005-08-03

Score: 5.0 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:h:linksys:wrt54g:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2005-2435	Linksys WRT54G router uses the same private key and certificate for every router, which allows remote attackers to sniff the SSL connection and obtain sensitive information.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.0026.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://marc.info/?l=bugtraq&m=112258422806340&w=2
http://secunia.com/advisories/16271
http://securitytracker.com/id?1014596
http://www.securityfocus.com/bid/14407
https://exchange.xforce.ibmcloud.com/vulnerabilities/21635

History

No history.

Subscriptions

Linksys Wrt54g

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-08-03T04:00:00.000Z

Updated: 2024-08-07T22:30:01.640Z

Reserved: 2005-08-03T00:00:00.000Z

Link: CVE-2005-2434

Vulnrichment

No data.

NVD

Status : Modified

Published: 2005-08-03T04:00:00.000

Modified: 2026-04-16T00:27:16.627

Link: CVE-2005-2434

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-07-28T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Linksys WRT54G router uses the same private key and certificate for every router, which allows remote attackers to sniff the SSL connection and obtain sensitive information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "14407", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/14407"}, {"name": "20050728 Vulnerability in Linksys Router access", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=112258422806340&w=2"}, {"name": "1014596", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1014596"}, {"name": "linksys-wrt54g-session-decrypt(21635)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21635"}, {"name": "16271", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/16271"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2434", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Linksys WRT54G router uses the same private key and certificate for every router, which allows remote attackers to sniff the SSL connection and obtain sensitive information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "14407", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14407"}, {"name": "20050728 Vulnerability in Linksys Router access", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=112258422806340&w=2"}, {"name": "1014596", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014596"}, {"name": "linksys-wrt54g-session-decrypt(21635)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21635"}, {"name": "16271", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16271"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T22:30:01.640Z"}, "title": "CVE Program Container", "references": [{"name": "14407", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/14407"}, {"name": "20050728 Vulnerability in Linksys Router access", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=112258422806340&w=2"}, {"name": "1014596", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1014596"}, {"name": "linksys-wrt54g-session-decrypt(21635)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21635"}, {"name": "16271", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/16271"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2434", "datePublished": "2005-08-03T04:00:00.000Z", "dateReserved": "2005-08-03T00:00:00.000Z", "dateUpdated": "2024-08-07T22:30:01.640Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:linksys:wrt54g:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBBECE9D-7805-4521-A0B1-15F2755312B8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Linksys WRT54G router uses the same private key and certificate for every router, which allows remote attackers to sniff the SSL connection and obtain sensitive information."}, {"lang": "es", "value": "El r\u00fater de Linksys WRT54G usa la misma clave privada en todos los r\u00fater, lo que permite que atacantes remotos puedan escuchar conexiones SSL y obtener as\u00ed informaci\u00f3n confidencial."}], "id": "CVE-2005-2434", "lastModified": "2026-04-16T00:27:16.627", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-08-03T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=112258422806340&w=2"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/16271"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1014596"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/14407"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21635"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=112258422806340&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/16271"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1014596"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/14407"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21635"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}