CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2008-1264
https://notcve.org/view.php?id=CVE-2008-1264
The Linksys WRT54G router has "admin" as its default FTP password, which allows remote attackers to access sensitive files including nvram.cfg, a file that lists all HTML documents, and an ELF executable file. El router Linksys WRT54G tiene "admin" como su contraseña FTP por defecto, lo cual permite a atacantes remotos acceder a ficheros sensibles incluido nvram.cfg, un fichero que lista todos los documentos HTML, y un fichero ejecutable ELF. • http://www.gnucitizen.org/projects/router-hacking-challenge http://www.securityfocus.com/archive/1/489009/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/41126 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2008-1265
https://notcve.org/view.php?id=CVE-2008-1265
The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password to the FTP interface. El router Linksys WRT54G permite a atacantes remotos provocar una denegación de servicio (reinicio de dispositivo) a través de un nombre de usuario largo y contraseña de la interfaz FTP. • http://www.gnucitizen.org/projects/router-hacking-challenge http://www.securityfocus.com/archive/1/489009/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/41127 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2008-1268
https://notcve.org/view.php?id=CVE-2008-1268
The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password. El servidor FTP en el router Linksys WRT54G 7 con software empotrado 7.00.1 no verifica credenciales de autenticación, lo cual permite a atacantes remotos establecer una sesión FTP enviando un nombre de usuario y contraseña de su elección. • http://swbae.egloos.com/1701135 http://www.gnucitizen.org/projects/router-hacking-challenge http://www.securityfocus.com/archive/1/489009/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/41119 • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2008-0228
https://notcve.org/view.php?id=CVE-2008-0228
Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en apply.cgi del enrutador Linksys WRT54GL Wireless-G Broadband con firmware 4.30.9 permite a atacantes remotos llevar a cabo acciones como administrador. • http://secunia.com/advisories/28364 http://securityreason.com/securityalert/3534 http://www.securityfocus.com/archive/1/485853/100/0/threaded http://www.securityfocus.com/archive/1/486362/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/39502 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2007-5411 – Linksys SPA941 - 'SIP From' HTML Injection
https://notcve.org/view.php?id=CVE-2007-5411
Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP Phone with firmware 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the From header in a SIP message. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Linksys SPA941 VoIP Phone con el firmware 5.1.8 permite a atacantes remotos inyectar scripts web o HTML de su elección mediante la cabecera From en un mensaje SIP. • https://www.exploit-db.com/exploits/30650 http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066430.html http://secunia.com/advisories/27116 http://www.securityfocus.com/bid/25987 https://exchange.xforce.ibmcloud.com/vulnerabilities/37022 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •