Lucene search

[email protected]NVD:CVE-2008-1247

HistoryMar 10, 2008 - 5:44 p.m.

CVE-2008-1247

2008-03-1017:44:00

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.7

Confidence

Low

EPSS

0.127

Percentile

95.6%

JSON

The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri. NOTE: the Security.tri vector is already covered by CVE-2006-5202.

Affected configurations

Nvd

Node

linksyswrt54g1.00.9

VendorProductVersionCPE
linksyswrt54g*cpe:2.3:h:linksys:wrt54g:*:*:1.00.9:*:*:*:*:*

Vendor	Product	Version	CPE
linksys	wrt54g	*	cpe:2.3:h:linksys:wrt54g:::1.00.9:::::*

References

kinqpinz.info/lib/wrt54g/own.txt

secunia.com/advisories/29344

www.gnucitizen.org/projects/router-hacking-challenge/

www.securityfocus.com/archive/1/489009/100/0/threaded

www.securityfocus.com/bid/28381

exchange.xforce.ibmcloud.com/vulnerabilities/41118

kinqpinz.info/lib/wrt54g/

kinqpinz.info/lib/wrt54g/own2.txt

www.exploit-db.com/exploits/5313

www.exploit-db.com/exploits/5926

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.7

Confidence

Low

EPSS

0.127

Percentile

95.6%

JSON

Related for NVD:CVE-2008-1247

cvelist2 exploitpack2 zdt2 cve2 exploitdb2 packetstorm2 prion1 seebug2 nvd1