CVE-2008-1247

Linksys WRT54g 1.00.9 - Unauthenticated Arbitrary Administrative Actions via Direct Script Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-1247. PoCs published by meathive.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass vulnerability in Linksys WRT54G routers, allowing remote attackers to modify router settings via direct POST requests to specific scripts without credentials. The PoC includes HTML forms and JavaScript to automate the submission of malicious configuration changes.

Description

The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri. NOTE: the Security.tri vector is already covered by CVE-2006-5202.

Exploits (2)

exploitdb WORKING POC VERIFIED
by meathive · textremotehardware
https://www.exploit-db.com/exploits/5926

This exploit demonstrates an authentication bypass vulnerability in Linksys WRT54G routers, allowing remote attackers to modify router settings via direct POST requests to specific scripts without credentials. The PoC includes HTML forms and JavaScript to automate the submission of malicious configuration changes.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Linksys WRT54G firmware 1.00.9
No auth needed
Prerequisites: Default router IP (192.168.1.1) · Access to the router's web interface
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by meathive · textremotehardware
https://www.exploit-db.com/exploits/5313

This exploit demonstrates multiple unauthenticated configuration changes on Linksys WRT54G routers (v1.00.9) via HTTP requests, including DNS poisoning, password resets, and wireless settings manipulation. It leverages CVE-2008-1247, an authentication bypass vulnerability.

Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Linksys WRT54G firmware v1.00.9
No auth needed
Prerequisites: Network access to the router's LAN interface (192.168.1.1) · Router running vulnerable firmware version
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (10)

Core 10
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/489009/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29344
Exploit x_refsource_misc
http://kinqpinz.info/lib/wrt54g/own.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28381
Various Sources x_refsource_misc
https://kinqpinz.info/lib/wrt54g/
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5926
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41118
Various Sources x_refsource_misc
https://kinqpinz.info/lib/wrt54g/own2.txt
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5313

Scores

EPSS 0.0516
EPSS Percentile 91.4%

Details

CWE
CWE-264
Status published
Products (1)
linksys/wrt54g
Published Mar 10, 2008
Tracked Since Feb 18, 2026