Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2008-1247
Last Modified 10 Sep 2008 09:07:17
Published 10 Mar 2008 01:44:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1247

Summary

The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri. NOTE: the Security.tri vector is already covered by CVE-2006-5202.

Vulnerable Systems


References

MISC - https://kinqpinz.info/lib/wrt54g/own2.txt

MISC - https://kinqpinz.info/lib/wrt54g/

BUGTRAQ - 20080301 The Router Hacking Challenge is Over!

MILW0RM - 5926

MISC - http://www.gnucitizen.org/projects/router-hacking-challenge/

MISC - http://kinqpinz.info/lib/wrt54g/own.txt

XF - linksys-wrt54g-security-bypass(41118)

BID - 28381

MILW0RM - 5313

SECUNIA - 29344


Last Updated: 27 May 2016 10:47:05