10
CVE-2008-1247
- EPSS 5.16%
- Veröffentlicht 10.03.2008 17:44:00
- Zuletzt bearbeitet 16.06.2026 22:51:21
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri. NOTE: the Security.tri vector is already covered by CVE-2006-5202.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.16% | 0.914 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
http://www.gnucitizen.org/projects/router-hacking-challenge/
http://www.securityfocus.com/archive/1/489009/100/0/threaded
https://kinqpinz.info/lib/wrt54g/
https://kinqpinz.info/lib/wrt54g/own2.txt
https://www.exploit-db.com/exploits/5926
http://kinqpinz.info/lib/wrt54g/own.txt
http://secunia.com/advisories/29344
http://www.securityfocus.com/bid/28381
https://exchange.xforce.ibmcloud.com/vulnerabilities/41118
https://www.exploit-db.com/exploits/5313