CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2007-6707
https://notcve.org/view.php?id=CVE-2007-6707
Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-3574. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Cisco Linksys WAG54GS Wireless-G ADSL Gateway con versiones del código 1.01.03 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados, es una cuestión diferente a CVE-2007-3574. • http://osvdb.org/43539 http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs http://www.gnucitizen.org/projects/router-hacking-challenge http://www.securityfocus.com/archive/1/489009/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/41270 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2007-6708
https://notcve.org/view.php?id=CVE-2007-6708
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en Cisco Linksys WAG54GS Wireless-G ADSL Gateway con versión de código 1.01.03 y anteriores permite a atacantes remotos realizar acciones como administrador mediante la utilización de una solicitud válida a una URI de administración, como se demuestra por (1) una acción de restauración de los valores de fábrica por defecto usando el parámetro mtenRestore de setup.cgi y por (2) la creación de una cuenta de usuario utilizando el parámetro sysname de setup.cgi. • http://osvdb.org/43537 http://osvdb.org/43538 http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs http://www.gnucitizen.org/projects/router-hacking-challenge http://www.securityfocus.com/archive/1/489009/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/41269 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2CVE-2007-6709
https://notcve.org/view.php?id=CVE-2007-6709
The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access. Cisco Linksys WAG54GS Wireless-G ADSL Gateway con versión de código 1.01.03 y anteriores pone "admin" como contraseña por defecto del usuario "admin", que facilita a atacantes remotos la obtención de acceso. • http://osvdb.org/43536 http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs http://www.gnucitizen.org/projects/router-hacking-challenge http://www.securityfocus.com/archive/1/489009/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/41268 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 3CVE-2007-3574 – Linksys WAG54GS 1.0.6 (Wireless-G ADSL Gateway) - 'setup.cgi' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-3574
Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm parameter. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el archivo setup.cgi en el Cisco Linksys WAG54GS Wireless-G ADSL Gateway con versión de firmware 1.00.06, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de los parámetros (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, y (4) snmp_setcomm. • https://www.exploit-db.com/exploits/30254 http://osvdb.org/40877 http://osvdb.org/40878 http://secunia.com/advisories/27738 http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs http://www.gnucitizen.org/projects/router-hacking-challenge http://www.securityfocus.com/archive/1/489009/100/0/threaded http://www.securityfocus.com/bid/24682 http://www.securityfocus.com/data/vulnerabilities/exploits/24682.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •