CVE-2007-6708

Cisco Linksys WAG54GS Wireless-G ADSL Gateway <1.01.03 - CSRF

Title source: llm

Description

Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi.

References (6)

[Exploit] http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/

[Exploit] http://www.gnucitizen.org/projects/router-hacking-challenge/

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/41269

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/489009/100/0/threaded

[Third Party Advisory, VDB Entry] http://osvdb.org/43537

[Third Party Advisory, VDB Entry] http://osvdb.org/43538

Scores

EPSS 0.0026

EPSS Percentile 49.3%

Classification

CWE

CWE-352

Status draft

Affected Products (1)

linksys/wag54gs < firmware_1.01.03

Timeline

Published Mar 13, 2008

Tracked Since Feb 18, 2026