CVE-2008-1247
Linksys WRT54g 1.00.9 - Unauthenticated Arbitrary Administrative Actions via Direct Script Request
Exploitation Summary
EIP tracks 2 public exploits for CVE-2008-1247. PoCs published by meathive.
Description
The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri. NOTE: the Security.tri vector is already covered by CVE-2006-5202.
Exploits (2)
This exploit demonstrates an authentication bypass vulnerability in Linksys WRT54G routers, allowing remote attackers to modify router settings via direct POST requests to specific scripts without credentials. The PoC includes HTML forms and JavaScript to automate the submission of malicious configuration changes.
This exploit demonstrates multiple unauthenticated configuration changes on Linksys WRT54G routers (v1.00.9) via HTTP requests, including DNS poisoning, password resets, and wireless settings manipulation. It leverages CVE-2008-1247, an authentication bypass vulnerability.