CVE-2008-1247
Description
The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri. NOTE: the Security.tri vector is already covered by CVE-2006-5202.
Is your site exposed to CVE-2008-1247?
Run a free security scan — no signup, results in seconds.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| linksys | wrt54g |
References
Other References
Frequently Asked Questions
What is CVE-2008-1247? +
What products are affected by CVE-2008-1247? +
How do I check if I'm vulnerable to CVE-2008-1247? +
Related Vulnerabilities
Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Information disclosure may occur due to improper permission and access controls to Video Analytics engine.
Permission bypass vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect availability.
Uncontrolled resource consumption when a driver, an application or a SMMU client tries to access the global registers through SMMU.
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, …