Search criteria
13 vulnerabilities found for wag54gs by linksys
VAR-200803-0007
Vulnerability from variot - Updated: 2025-04-10 22:32Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200803-0007",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wag54gs",
"scope": "lte",
"trust": 1.0,
"vendor": "linksys",
"version": "firmware_1.01.03"
},
{
"model": "wag54gs",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "1.01.03"
},
{
"model": "wag54gs",
"scope": "eq",
"trust": 0.6,
"vendor": "linksys",
"version": "firmware_1.01.03"
},
{
"model": "wireless-g adsl gateway wag54gs",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.01.03"
}
],
"sources": [
{
"db": "BID",
"id": "85175"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003896"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-208"
},
{
"db": "NVD",
"id": "CVE-2007-6708"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:linksys:wag54gs",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003896"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "85175"
}
],
"trust": 0.3
},
"cve": "CVE-2007-6708",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2007-6708",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-30070",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-6708",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2007-6708",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200803-208",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-30070",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2007-6708",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30070"
},
{
"db": "VULMON",
"id": "CVE-2007-6708"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003896"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-208"
},
{
"db": "NVD",
"id": "CVE-2007-6708"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-6708"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003896"
},
{
"db": "BID",
"id": "85175"
},
{
"db": "VULHUB",
"id": "VHN-30070"
},
{
"db": "VULMON",
"id": "CVE-2007-6708"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-6708",
"trust": 2.9
},
{
"db": "OSVDB",
"id": "43537",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "43538",
"trust": 1.8
},
{
"db": "XF",
"id": "41269",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003896",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200803-208",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20080301 THE ROUTER HACKING CHALLENGE IS OVER!",
"trust": 0.6
},
{
"db": "XF",
"id": "54",
"trust": 0.6
},
{
"db": "BID",
"id": "85175",
"trust": 0.5
},
{
"db": "VULHUB",
"id": "VHN-30070",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2007-6708",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30070"
},
{
"db": "VULMON",
"id": "CVE-2007-6708"
},
{
"db": "BID",
"id": "85175"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003896"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-208"
},
{
"db": "NVD",
"id": "CVE-2007-6708"
}
]
},
"id": "VAR-200803-0007",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-30070"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T22:32:37.941000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Linksys",
"trust": 0.8,
"url": "http://home.cisco.com/en-apac/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003896"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30070"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003896"
},
{
"db": "NVD",
"id": "CVE-2007-6708"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"
},
{
"trust": 2.1,
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"trust": 1.8,
"url": "http://osvdb.org/43537"
},
{
"trust": 1.8,
"url": "http://osvdb.org/43538"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41269"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/xforce/xfdb/41269"
},
{
"trust": 0.9,
"url": "http://www.securityfocus.com/archive/1/archive/1/489009/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6708"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6708"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/85175"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30070"
},
{
"db": "VULMON",
"id": "CVE-2007-6708"
},
{
"db": "BID",
"id": "85175"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003896"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-208"
},
{
"db": "NVD",
"id": "CVE-2007-6708"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-30070"
},
{
"db": "VULMON",
"id": "CVE-2007-6708"
},
{
"db": "BID",
"id": "85175"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003896"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-208"
},
{
"db": "NVD",
"id": "CVE-2007-6708"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-30070"
},
{
"date": "2008-03-13T00:00:00",
"db": "VULMON",
"id": "CVE-2007-6708"
},
{
"date": "2008-03-13T00:00:00",
"db": "BID",
"id": "85175"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-003896"
},
{
"date": "2008-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-208"
},
{
"date": "2008-03-13T18:44:00",
"db": "NVD",
"id": "CVE-2007-6708"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-30070"
},
{
"date": "2018-10-15T00:00:00",
"db": "VULMON",
"id": "CVE-2007-6708"
},
{
"date": "2008-03-13T00:00:00",
"db": "BID",
"id": "85175"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-003896"
},
{
"date": "2008-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-208"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-6708"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-208"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Linksys WAG54GS Wireless-G ADSL Gateway Vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003896"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-208"
}
],
"trust": 0.6
}
}
VAR-200803-0006
Vulnerability from variot - Updated: 2025-04-10 22:05Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-3574. Cisco Linksys WAG54GS Wireless-G ADSL Gateway Contains a cross-site scripting vulnerability. This vulnerability CVE-2007-3574 Is a different vulnerability.By any third party Web Script or HTML May be inserted
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200803-0006",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wag54gs",
"scope": "lte",
"trust": 1.0,
"vendor": "linksys",
"version": "firmware_1.01.03"
},
{
"model": "wag54gs",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "1.01.03"
},
{
"model": "wag54gs",
"scope": "eq",
"trust": 0.6,
"vendor": "linksys",
"version": "firmware_1.01.03"
},
{
"model": "wireless-g adsl gateway wag54gs",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.01.03"
}
],
"sources": [
{
"db": "BID",
"id": "81492"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003895"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-207"
},
{
"db": "NVD",
"id": "CVE-2007-6707"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:linksys:wag54gs",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003895"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "81492"
}
],
"trust": 0.3
},
"cve": "CVE-2007-6707",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2007-6707",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-30069",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-6707",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2007-6707",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200803-207",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-30069",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30069"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003895"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-207"
},
{
"db": "NVD",
"id": "CVE-2007-6707"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-3574. Cisco Linksys WAG54GS Wireless-G ADSL Gateway Contains a cross-site scripting vulnerability. This vulnerability CVE-2007-3574 Is a different vulnerability.By any third party Web Script or HTML May be inserted",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-6707"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003895"
},
{
"db": "BID",
"id": "81492"
},
{
"db": "VULHUB",
"id": "VHN-30069"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-6707",
"trust": 2.8
},
{
"db": "OSVDB",
"id": "43539",
"trust": 1.7
},
{
"db": "XF",
"id": "41270",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003895",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200803-207",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20080301 THE ROUTER HACKING CHALLENGE IS OVER!",
"trust": 0.6
},
{
"db": "XF",
"id": "54",
"trust": 0.6
},
{
"db": "BID",
"id": "81492",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-30069",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30069"
},
{
"db": "BID",
"id": "81492"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003895"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-207"
},
{
"db": "NVD",
"id": "CVE-2007-6707"
}
]
},
"id": "VAR-200803-0006",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-30069"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T22:05:00.703000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Linksys",
"trust": 0.8,
"url": "http://home.cisco.com/en-apac/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003895"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30069"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003895"
},
{
"db": "NVD",
"id": "CVE-2007-6707"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"
},
{
"trust": 2.0,
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"trust": 1.7,
"url": "http://osvdb.org/43539"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41270"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/xforce/xfdb/41270"
},
{
"trust": 0.9,
"url": "http://www.securityfocus.com/archive/1/archive/1/489009/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6707"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6707"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30069"
},
{
"db": "BID",
"id": "81492"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003895"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-207"
},
{
"db": "NVD",
"id": "CVE-2007-6707"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-30069"
},
{
"db": "BID",
"id": "81492"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003895"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-207"
},
{
"db": "NVD",
"id": "CVE-2007-6707"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-30069"
},
{
"date": "2008-03-13T00:00:00",
"db": "BID",
"id": "81492"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-003895"
},
{
"date": "2008-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-207"
},
{
"date": "2008-03-13T18:44:00",
"db": "NVD",
"id": "CVE-2007-6707"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-30069"
},
{
"date": "2008-03-13T00:00:00",
"db": "BID",
"id": "81492"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-003895"
},
{
"date": "2008-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-207"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-6707"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-207"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Linksys WAG54GS Wireless-G ADSL Gateway Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003895"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-207"
}
],
"trust": 0.6
}
}
VAR-200803-0008
Vulnerability from variot - Updated: 2025-04-10 21:41The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access. Wireless-G ADSL Gateway WAG54GS is prone to a remote security vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200803-0008",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wag54gs",
"scope": "lte",
"trust": 1.0,
"vendor": "linksys",
"version": "firmware_1.01.03"
},
{
"model": "wag54gs",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "1.01.03"
},
{
"model": "wag54gs",
"scope": "eq",
"trust": 0.6,
"vendor": "linksys",
"version": "firmware_1.01.03"
},
{
"model": "wireless-g adsl gateway wag54gs",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.01.03"
}
],
"sources": [
{
"db": "BID",
"id": "85183"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003897"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-209"
},
{
"db": "NVD",
"id": "CVE-2007-6709"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:linksys:wag54gs",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003897"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "85183"
}
],
"trust": 0.3
},
"cve": "CVE-2007-6709",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2007-6709",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-30071",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-6709",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2007-6709",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200803-209",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-30071",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30071"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003897"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-209"
},
{
"db": "NVD",
"id": "CVE-2007-6709"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has \"admin\" as its default password for the \"admin\" account, which makes it easier for remote attackers to obtain access. Wireless-G ADSL Gateway WAG54GS is prone to a remote security vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-6709"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003897"
},
{
"db": "BID",
"id": "85183"
},
{
"db": "VULHUB",
"id": "VHN-30071"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-6709",
"trust": 2.8
},
{
"db": "OSVDB",
"id": "43536",
"trust": 1.7
},
{
"db": "XF",
"id": "41268",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003897",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200803-209",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20080301 THE ROUTER HACKING CHALLENGE IS OVER!",
"trust": 0.6
},
{
"db": "XF",
"id": "54",
"trust": 0.6
},
{
"db": "BID",
"id": "85183",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-30071",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30071"
},
{
"db": "BID",
"id": "85183"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003897"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-209"
},
{
"db": "NVD",
"id": "CVE-2007-6709"
}
]
},
"id": "VAR-200803-0008",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-30071"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T21:41:22.880000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Linksys",
"trust": 0.8,
"url": "http://home.cisco.com/en-apac/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003897"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30071"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003897"
},
{
"db": "NVD",
"id": "CVE-2007-6709"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"
},
{
"trust": 2.0,
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"trust": 1.7,
"url": "http://osvdb.org/43536"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41268"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/xforce/xfdb/41268"
},
{
"trust": 0.9,
"url": "http://www.securityfocus.com/archive/1/archive/1/489009/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6709"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6709"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30071"
},
{
"db": "BID",
"id": "85183"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003897"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-209"
},
{
"db": "NVD",
"id": "CVE-2007-6709"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-30071"
},
{
"db": "BID",
"id": "85183"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003897"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-209"
},
{
"db": "NVD",
"id": "CVE-2007-6709"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-30071"
},
{
"date": "2008-03-13T00:00:00",
"db": "BID",
"id": "85183"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-003897"
},
{
"date": "2008-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-209"
},
{
"date": "2008-03-13T18:44:00",
"db": "NVD",
"id": "CVE-2007-6709"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-30071"
},
{
"date": "2008-03-13T00:00:00",
"db": "BID",
"id": "85183"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-003897"
},
{
"date": "2008-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-209"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-6709"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-209"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Linksys WAG54GS Wireless-G ADSL Gateway Vulnerabilities that gain access",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003897"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-209"
}
],
"trust": 0.6
}
}
VAR-200707-0349
Vulnerability from variot - Updated: 2025-04-10 20:56Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm parameter. (1) c4_trap_ip_ Parameters (2) devname Parameters (3) snmp_getcomm Parameters (4) snmp_setcomm Parameters. Attackers may exploit this issue by enticing victims into opening a malicious URI. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may help the attacker steal cookie-based authentication credentials, cause denial-of-service conditions, and launch other attacks. Successful exploits will allow script code to be stored persistently in the affected device. Linksys Wireless-G ADSL Gateway WAG54GS running firmware V1.00.06 is reported vulnerable. Linksys WAG54GS is a wireless ADSL router launched by Cisco. Linksys WAG54GS has an input validation vulnerability when processing user requests. If an attacker visits the router's configuration page and submits a malicious HTTP request, a cross-site scripting attack can be performed.
2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively.
Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
TITLE: Linksys WAG54GS Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities
SECUNIA ADVISORY ID: SA27738
VERIFY ADVISORY: http://secunia.com/advisories/27738/
CRITICAL: Less critical
IMPACT: Cross Site Scripting
WHERE:
From remote
OPERATING SYSTEM: Linksys WAG54GS Wireless-G ADSL Gateway with SpeedBooster 1.x http://secunia.com/product/16625/
DESCRIPTION: Adrian Pastor has reported some vulnerabilities in Linksys WAG54GS, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
1) Input passed to the "devname", "snmp_getcomm", "snmp_setcomm", and "c4_trap_ip_" parameters in setup.cgi is not properly sanitised before being returned to the user.
2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. perform certain administrative actions by enticing a logged-in administrator to visit a malicious site.
The vulnerabilities are reported in firmware version 1.00.06. Other versions may also be affected.
SOLUTION: Vulnerability #1 has reportedly been fixed in firmware version 1.01.03.
Do not browse untrusted websites or follow untrusted links while logged on to the device.
PROVIDED AND/OR DISCOVERED BY: Adrian Pastor
ORIGINAL ADVISORY: http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200707-0349",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wag54gs",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "1.00.06"
},
{
"model": "wag54gs",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "1.00.06"
},
{
"model": "wireless-g adsl gateway wag54gs",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.0.6"
}
],
"sources": [
{
"db": "BID",
"id": "24682"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004075"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-072"
},
{
"db": "NVD",
"id": "CVE-2007-3574"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:linksys:wag54gs",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004075"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adrian Pastor\u203b m123303@richmond.ac.uk",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-072"
}
],
"trust": 0.6
},
"cve": "CVE-2007-3574",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2007-3574",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-26936",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-3574",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2007-3574",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200707-072",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-26936",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26936"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004075"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-072"
},
{
"db": "NVD",
"id": "CVE-2007-3574"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm parameter. (1) c4_trap_ip_ Parameters (2) devname Parameters (3) snmp_getcomm Parameters (4) snmp_setcomm Parameters. \nAttackers may exploit this issue by enticing victims into opening a malicious URI. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may help the attacker steal cookie-based authentication credentials, cause denial-of-service conditions, and launch other attacks. \nSuccessful exploits will allow script code to be stored persistently in the affected device. \nLinksys Wireless-G ADSL Gateway WAG54GS running firmware V1.00.06 is reported vulnerable. Linksys WAG54GS is a wireless ADSL router launched by Cisco. Linksys WAG54GS has an input validation vulnerability when processing user requests. If an attacker visits the router\u0027s configuration page and submits a malicious HTTP request, a cross-site scripting attack can be performed. \n\n----------------------------------------------------------------------\n\n2003: 2,700 advisories published\n2004: 3,100 advisories published\n2005: 4,600 advisories published\n2006: 5,300 advisories published\n\nHow do you know which Secunia advisories are important to you?\n\nThe Secunia Vulnerability Intelligence Solutions allows you to filter\nand structure all the information you need, so you can address issues\neffectively. \n\nGet a free trial of the Secunia Vulnerability Intelligence Solutions:\nhttp://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv\n\n----------------------------------------------------------------------\n\nTITLE:\nLinksys WAG54GS Cross-Site Scripting and Cross-Site Request Forgery\nVulnerabilities\n\nSECUNIA ADVISORY ID:\nSA27738\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/27738/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nCross Site Scripting\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nLinksys WAG54GS Wireless-G ADSL Gateway with SpeedBooster 1.x\nhttp://secunia.com/product/16625/\n\nDESCRIPTION:\nAdrian Pastor has reported some vulnerabilities in Linksys WAG54GS,\nwhich can be exploited by malicious people to conduct cross-site\nscripting and cross-site request forgery attacks. \n\n1) Input passed to the \"devname\", \"snmp_getcomm\", \"snmp_setcomm\", and\n\"c4_trap_ip_\" parameters in setup.cgi is not properly sanitised before\nbeing returned to the user. \n\n2) The application allows users to perform certain actions via HTTP\nrequests without performing any validity checks to verify the\nrequest. This can be exploited to e.g. perform certain administrative\nactions by enticing a logged-in administrator to visit a malicious\nsite. \n\nThe vulnerabilities are reported in firmware version 1.00.06. Other\nversions may also be affected. \n\nSOLUTION:\nVulnerability #1 has reportedly been fixed in firmware version\n1.01.03. \n\nDo not browse untrusted websites or follow untrusted links while\nlogged on to the device. \n\nPROVIDED AND/OR DISCOVERED BY:\nAdrian Pastor\n\nORIGINAL ADVISORY:\nhttp://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3574"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004075"
},
{
"db": "BID",
"id": "24682"
},
{
"db": "VULHUB",
"id": "VHN-26936"
},
{
"db": "PACKETSTORM",
"id": "61204"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-26936",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26936"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-3574",
"trust": 2.8
},
{
"db": "BID",
"id": "24682",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "27738",
"trust": 1.2
},
{
"db": "OSVDB",
"id": "40877",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "40878",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004075",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20080301 THE ROUTER HACKING CHALLENGE IS OVER!",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200707-072",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "30254",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-83687",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-26936",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "61204",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26936"
},
{
"db": "BID",
"id": "24682"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004075"
},
{
"db": "PACKETSTORM",
"id": "61204"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-072"
},
{
"db": "NVD",
"id": "CVE-2007-3574"
}
]
},
"id": "VAR-200707-0349",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-26936"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T20:56:56.236000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Linksys",
"trust": 0.8,
"url": "http://home.cisco.com/en-apac/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004075"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26936"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004075"
},
{
"db": "NVD",
"id": "CVE-2007-3574"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/24682"
},
{
"trust": 1.7,
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"
},
{
"trust": 1.7,
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/24682.html"
},
{
"trust": 1.2,
"url": "http://secunia.com/advisories/27738/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://osvdb.org/40877"
},
{
"trust": 1.1,
"url": "http://osvdb.org/40878"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3574"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3574"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/489009/100/0/threaded"
},
{
"trust": 0.4,
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs"
},
{
"trust": 0.3,
"url": "http://www.linksys.com"
},
{
"trust": 0.3,
"url": "/archive/1/484002"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/16625/"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26936"
},
{
"db": "BID",
"id": "24682"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004075"
},
{
"db": "PACKETSTORM",
"id": "61204"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-072"
},
{
"db": "NVD",
"id": "CVE-2007-3574"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-26936"
},
{
"db": "BID",
"id": "24682"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004075"
},
{
"db": "PACKETSTORM",
"id": "61204"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-072"
},
{
"db": "NVD",
"id": "CVE-2007-3574"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-07-05T00:00:00",
"db": "VULHUB",
"id": "VHN-26936"
},
{
"date": "2007-06-27T00:00:00",
"db": "BID",
"id": "24682"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-004075"
},
{
"date": "2007-11-27T02:10:48",
"db": "PACKETSTORM",
"id": "61204"
},
{
"date": "2007-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-072"
},
{
"date": "2007-07-05T20:30:00",
"db": "NVD",
"id": "CVE-2007-3574"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-26936"
},
{
"date": "2007-11-21T00:34:00",
"db": "BID",
"id": "24682"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-004075"
},
{
"date": "2007-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-072"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-3574"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-072"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Linksys WAG54GS Wireless-G ADSL Gateway Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004075"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-072"
}
],
"trust": 0.6
}
}
VAR-190001-0079
Vulnerability from variot - Updated: 2022-05-17 02:02The Linksys WAG54GS Wireless Router is a wireless router device. A cross-site request forgery vulnerability exists in the Linksys WAG54GS Wireless Router. Because the program fails to properly validate user-submitted requests, an attacker can build a malicious URI, trick the user into parsing, and run privileged commands on the device, such as changing the configuration, performing a denial of service attack, or injecting arbitrary script code. Other attacks are also possible. Linksys WAG54GS running firmware 1.01.03 is vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-190001-0079",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wag54gs",
"scope": "eq",
"trust": 0.9,
"vendor": "linksys",
"version": "1.01.03"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0815"
},
{
"db": "BID",
"id": "52105"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ivano Binetti",
"sources": [
{
"db": "BID",
"id": "52105"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-434"
}
],
"trust": 0.9
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Linksys WAG54GS Wireless Router is a wireless router device. A cross-site request forgery vulnerability exists in the Linksys WAG54GS Wireless Router. Because the program fails to properly validate user-submitted requests, an attacker can build a malicious URI, trick the user into parsing, and run privileged commands on the device, such as changing the configuration, performing a denial of service attack, or injecting arbitrary script code. Other attacks are also possible. \nLinksys WAG54GS running firmware 1.01.03 is vulnerable",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0815"
},
{
"db": "BID",
"id": "52105"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "52105",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2012-0815",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201202-434",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0815"
},
{
"db": "BID",
"id": "52105"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-434"
}
]
},
"id": "VAR-190001-0079",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0815"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0815"
}
]
},
"last_update_date": "2022-05-17T02:02:15.981000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/52105/"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/52105"
},
{
"trust": 0.3,
"url": "http://www.linksys.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0815"
},
{
"db": "BID",
"id": "52105"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-434"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2012-0815"
},
{
"db": "BID",
"id": "52105"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-434"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-02-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0815"
},
{
"date": "2012-02-21T00:00:00",
"db": "BID",
"id": "52105"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-434"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-02-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0815"
},
{
"date": "2012-02-21T00:00:00",
"db": "BID",
"id": "52105"
},
{
"date": "2012-02-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-434"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201202-434"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WAG54GS Wireless Router Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0815"
},
{
"db": "BID",
"id": "52105"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201202-434"
}
],
"trust": 0.6
}
}
CVE-2007-6708 (GCVE-0-2007-6708)
Vulnerability from nvd – Published: 2008-03-13 18:00 – Updated: 2024-08-07 16:18
VLAI?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "43537",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/43537"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"
},
{
"name": "linksys-wag54gs-setup-csfr(41269)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41269"
},
{
"name": "43538",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/43538"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "43537",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/43537"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"
},
{
"name": "linksys-wag54gs-setup-csfr(41269)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41269"
},
{
"name": "43538",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/43538"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"name": "http://www.gnucitizen.org/projects/router-hacking-challenge/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "43537",
"refsource": "OSVDB",
"url": "http://osvdb.org/43537"
},
{
"name": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"
},
{
"name": "linksys-wag54gs-setup-csfr(41269)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41269"
},
{
"name": "43538",
"refsource": "OSVDB",
"url": "http://osvdb.org/43538"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6708",
"datePublished": "2008-03-13T18:00:00",
"dateReserved": "2008-03-13T00:00:00",
"dateUpdated": "2024-08-07T16:18:20.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6709 (GCVE-0-2007-6709)
Vulnerability from nvd – Published: 2008-03-13 18:00 – Updated: 2024-08-07 16:18
VLAI?
Summary
The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"
},
{
"name": "linksys-wag54gs-default-account(41268)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41268"
},
{
"name": "43536",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/43536"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has \"admin\" as its default password for the \"admin\" account, which makes it easier for remote attackers to obtain access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"
},
{
"name": "linksys-wag54gs-default-account(41268)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41268"
},
{
"name": "43536",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/43536"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has \"admin\" as its default password for the \"admin\" account, which makes it easier for remote attackers to obtain access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"name": "http://www.gnucitizen.org/projects/router-hacking-challenge/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"
},
{
"name": "linksys-wag54gs-default-account(41268)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41268"
},
{
"name": "43536",
"refsource": "OSVDB",
"url": "http://osvdb.org/43536"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6709",
"datePublished": "2008-03-13T18:00:00",
"dateReserved": "2008-03-13T00:00:00",
"dateUpdated": "2024-08-07T16:18:20.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6707 (GCVE-0-2007-6707)
Vulnerability from nvd – Published: 2008-03-13 18:00 – Updated: 2024-08-07 16:18
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-3574.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"name": "linksys-wag54gs-setup-xss(41270)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41270"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"
},
{
"name": "43539",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/43539"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-3574."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"name": "linksys-wag54gs-setup-xss(41270)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41270"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"
},
{
"name": "43539",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/43539"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-3574."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"name": "linksys-wag54gs-setup-xss(41270)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41270"
},
{
"name": "http://www.gnucitizen.org/projects/router-hacking-challenge/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"
},
{
"name": "43539",
"refsource": "OSVDB",
"url": "http://osvdb.org/43539"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6707",
"datePublished": "2008-03-13T18:00:00",
"dateReserved": "2008-03-13T00:00:00",
"dateUpdated": "2024-08-07T16:18:20.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3574 (GCVE-0-2007-3574)
Vulnerability from nvd – Published: 2007-07-05 20:00 – Updated: 2024-08-07 14:21
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:36.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "27738",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27738/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/24682.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"
},
{
"name": "24682",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24682"
},
{
"name": "40878",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/40878"
},
{
"name": "40877",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/40877"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "27738",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27738/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/24682.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"
},
{
"name": "24682",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24682"
},
{
"name": "40878",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/40878"
},
{
"name": "40877",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/40877"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"name": "http://www.gnucitizen.org/projects/router-hacking-challenge/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "27738",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27738/"
},
{
"name": "http://www.securityfocus.com/data/vulnerabilities/exploits/24682.html",
"refsource": "MISC",
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/24682.html"
},
{
"name": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"
},
{
"name": "24682",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24682"
},
{
"name": "40878",
"refsource": "OSVDB",
"url": "http://osvdb.org/40878"
},
{
"name": "40877",
"refsource": "OSVDB",
"url": "http://osvdb.org/40877"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3574",
"datePublished": "2007-07-05T20:00:00",
"dateReserved": "2007-07-05T00:00:00",
"dateUpdated": "2024-08-07T14:21:36.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6708 (GCVE-0-2007-6708)
Vulnerability from cvelistv5 – Published: 2008-03-13 18:00 – Updated: 2024-08-07 16:18
VLAI?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "43537",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/43537"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"
},
{
"name": "linksys-wag54gs-setup-csfr(41269)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41269"
},
{
"name": "43538",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/43538"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "43537",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/43537"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"
},
{
"name": "linksys-wag54gs-setup-csfr(41269)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41269"
},
{
"name": "43538",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/43538"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"name": "http://www.gnucitizen.org/projects/router-hacking-challenge/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "43537",
"refsource": "OSVDB",
"url": "http://osvdb.org/43537"
},
{
"name": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"
},
{
"name": "linksys-wag54gs-setup-csfr(41269)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41269"
},
{
"name": "43538",
"refsource": "OSVDB",
"url": "http://osvdb.org/43538"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6708",
"datePublished": "2008-03-13T18:00:00",
"dateReserved": "2008-03-13T00:00:00",
"dateUpdated": "2024-08-07T16:18:20.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6709 (GCVE-0-2007-6709)
Vulnerability from cvelistv5 – Published: 2008-03-13 18:00 – Updated: 2024-08-07 16:18
VLAI?
Summary
The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"
},
{
"name": "linksys-wag54gs-default-account(41268)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41268"
},
{
"name": "43536",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/43536"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has \"admin\" as its default password for the \"admin\" account, which makes it easier for remote attackers to obtain access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"
},
{
"name": "linksys-wag54gs-default-account(41268)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41268"
},
{
"name": "43536",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/43536"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has \"admin\" as its default password for the \"admin\" account, which makes it easier for remote attackers to obtain access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"name": "http://www.gnucitizen.org/projects/router-hacking-challenge/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"
},
{
"name": "linksys-wag54gs-default-account(41268)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41268"
},
{
"name": "43536",
"refsource": "OSVDB",
"url": "http://osvdb.org/43536"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6709",
"datePublished": "2008-03-13T18:00:00",
"dateReserved": "2008-03-13T00:00:00",
"dateUpdated": "2024-08-07T16:18:20.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6707 (GCVE-0-2007-6707)
Vulnerability from cvelistv5 – Published: 2008-03-13 18:00 – Updated: 2024-08-07 16:18
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-3574.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"name": "linksys-wag54gs-setup-xss(41270)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41270"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"
},
{
"name": "43539",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/43539"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-3574."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"name": "linksys-wag54gs-setup-xss(41270)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41270"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"
},
{
"name": "43539",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/43539"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-3574."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"name": "linksys-wag54gs-setup-xss(41270)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41270"
},
{
"name": "http://www.gnucitizen.org/projects/router-hacking-challenge/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"
},
{
"name": "43539",
"refsource": "OSVDB",
"url": "http://osvdb.org/43539"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6707",
"datePublished": "2008-03-13T18:00:00",
"dateReserved": "2008-03-13T00:00:00",
"dateUpdated": "2024-08-07T16:18:20.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3574 (GCVE-0-2007-3574)
Vulnerability from cvelistv5 – Published: 2007-07-05 20:00 – Updated: 2024-08-07 14:21
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:36.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "27738",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27738/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/24682.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"
},
{
"name": "24682",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24682"
},
{
"name": "40878",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/40878"
},
{
"name": "40877",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/40877"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "27738",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27738/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/24682.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"
},
{
"name": "24682",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24682"
},
{
"name": "40878",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/40878"
},
{
"name": "40877",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/40877"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"name": "http://www.gnucitizen.org/projects/router-hacking-challenge/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "27738",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27738/"
},
{
"name": "http://www.securityfocus.com/data/vulnerabilities/exploits/24682.html",
"refsource": "MISC",
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/24682.html"
},
{
"name": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"
},
{
"name": "24682",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24682"
},
{
"name": "40878",
"refsource": "OSVDB",
"url": "http://osvdb.org/40878"
},
{
"name": "40877",
"refsource": "OSVDB",
"url": "http://osvdb.org/40877"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3574",
"datePublished": "2007-07-05T20:00:00",
"dateReserved": "2007-07-05T00:00:00",
"dateUpdated": "2024-08-07T14:21:36.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}