CVE-2007-3574

Linksys WAG54GS 1.00.06 - Cross-Site Scripting via setup.cgi Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3574. PoCs published by Petko Petkov.

AI-analyzed exploit summary: The provided text describes a cross-site scripting (XSS) vulnerability in Linksys Wireless-G ADSL Gateway WAG54GS firmware V1.00.06. It includes a malicious URI example but lacks executable exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Petko Petkov · text · remote · hardware
https://www.exploit-db.com/exploits/30254


Classification
Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: Linksys Wireless-G ADSL Gateway WAG54GS firmware V1.00.06
Auth required
Prerequisites: Access to the admin interface · Victim interaction to open malicious URI
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/489009/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27738/
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24682
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/40878
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/40877

Scores

EPSS 0.0883
EPSS Percentile 92.6%

Details

CWE: CWE-79
Status: published
Products (1)
linksys/wag54gs 1.00.06
Published: Jul 05, 2007
Tracked Since: Feb 18, 2026