Back to search
CVE-2007-6708
Published: Mar 13, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20080301 The Router Hacking Challenge is Over!
mailing-list
x_refsource_BUGTRAQ
http://www.gnucitizen.org/projects/router-hacking-challenge/
x_refsource_MISC
43537
vdb-entry
x_refsource_OSVDB
linksys-wag54gs-setup-csfr(41269)
vdb-entry
x_refsource_XF
43538
vdb-entry
x_refsource_OSVDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now