CVE-2008-1247

NONECVSS 0.0

0.0

The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri. NOTE: the Security.tri vector is already covered by CVE-2006-5202.

🔗 References (20)

cve@mitrehttp://kinqpinz.info/lib/wrt54g/own.txt
cve@mitrehttp://secunia.com/advisories/29344
cve@mitrehttp://www.gnucitizen.org/projects/router-hacking-challenge/
cve@mitrehttp://www.securityfocus.com/archive/1/489009/100/0/threaded
cve@mitrehttp://www.securityfocus.com/bid/28381
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/41118
cve@mitrehttps://kinqpinz.info/lib/wrt54g/
cve@mitrehttps://kinqpinz.info/lib/wrt54g/own2.txt
cve@mitrehttps://www.exploit-db.com/exploits/5313
cve@mitrehttps://www.exploit-db.com/exploits/5926
af854a3a-2127-422b-91ae-364da2661108http://kinqpinz.info/lib/wrt54g/own.txt
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29344
af854a3a-2127-422b-91ae-364da2661108http://www.gnucitizen.org/projects/router-hacking-challenge/
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/489009/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/28381

Is Your Infrastructure Affected by CVE-2008-1247?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2008-1247

📅 Published

🔄 Last Modified

🔗 References (20)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2008-1247?