CVE-2008-0228

Linksys WRT54GL 4.30.9 - Cross-Site Request Forgery via apply.cgi

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0228. PoCs published by SpiderLabs.

AI-analyzed exploit summary This repository provides a reference implementation for a workaround related to CVE-2011-0228, focusing on certificate validation in iOS. It includes compilation and usage instructions for a tool that processes DER-formatted certificates.

Description

Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators.

Exploits (1)

nomisec WRITEUP 7 stars
by SpiderLabs · poc
https://github.com/SpiderLabs/TWSL2011-007_iOS_code_workaround

This repository provides a reference implementation for a workaround related to CVE-2011-0228, focusing on certificate validation in iOS. It includes compilation and usage instructions for a tool that processes DER-formatted certificates.

Classification
Writeup 90%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: iOS (certificate validation)
No auth needed
Prerequisites: Apple iOS SDK · DER-formatted certificate file
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39502
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3534
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28364
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/485853/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/486362/100/0/threaded

Scores

EPSS 0.0181
EPSS Percentile 83.1%

Details

CWE
CWE-352
Status published
Products (1)
linksys/wrt54gl 4.30.9
Published Jan 10, 2008
Tracked Since Feb 18, 2026