CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2007-6709
https://notcve.org/view.php?id=CVE-2007-6709
13 Mar 2008 — The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access. Cisco Linksys WAG54GS Wireless-G ADSL Gateway con versión de código 1.01.03 y anteriores pone "admin" como contraseña por defecto del usuario "admin", que facilita a atacantes remotos la obtención de acceso. • http://osvdb.org/43536 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2008-1243
https://notcve.org/view.php?id=CVE-2008-1243
10 Mar 2008 — Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router with firmware 2.00.20, when Mozilla Firefox or Apple Safari is used, allows remote attackers to inject arbitrary web script or HTML via the dyndns_domain parameter to the default URI. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el router Linksys WRT300N con software empotrado (firmware) 2.00.20, cuando se utiliza Mozilla Firefox o Apple Safari, permite a atacantes remotos inyectar secuencias de comandos Web o HTM... • http://code.bulix.org/cx46qa-65489 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 8%CPEs: 1EXPL: 3CVE-2008-1247 – Linksys WRT54G Firmware 1.00.9 - Security Bypass
https://notcve.org/view.php?id=CVE-2008-1247
10 Mar 2008 — The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19... • https://www.exploit-db.com/exploits/5313 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2008-1263
https://notcve.org/view.php?id=CVE-2008-1263
10 Mar 2008 — The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI. El router Linksys WRT54G almacena contraseñas y claves en texto llano en el fichero Config.bin, lo cual permite a usuarios remotos autenticados obtener información sensible a través de una petición HTTP de la URI de nivel superior Config.bin. • http://www.gnucitizen.org/projects/router-hacking-challenge • CWE-310: Cryptographic Issues •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-1264
https://notcve.org/view.php?id=CVE-2008-1264
10 Mar 2008 — The Linksys WRT54G router has "admin" as its default FTP password, which allows remote attackers to access sensitive files including nvram.cfg, a file that lists all HTML documents, and an ELF executable file. El router Linksys WRT54G tiene "admin" como su contraseña FTP por defecto, lo cual permite a atacantes remotos acceder a ficheros sensibles incluido nvram.cfg, un fichero que lista todos los documentos HTML, y un fichero ejecutable ELF. • http://www.gnucitizen.org/projects/router-hacking-challenge • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2008-1265
https://notcve.org/view.php?id=CVE-2008-1265
10 Mar 2008 — The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password to the FTP interface. El router Linksys WRT54G permite a atacantes remotos provocar una denegación de servicio (reinicio de dispositivo) a través de un nombre de usuario largo y contraseña de la interfaz FTP. • http://www.gnucitizen.org/projects/router-hacking-challenge • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2008-1268
https://notcve.org/view.php?id=CVE-2008-1268
10 Mar 2008 — The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password. El servidor FTP en el router Linksys WRT54G 7 con software empotrado 7.00.1 no verifica credenciales de autenticación, lo cual permite a atacantes remotos establecer una sesión FTP enviando un nombre de usuario y contraseña de su elección. • http://swbae.egloos.com/1701135 • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 1CVE-2008-0228
https://notcve.org/view.php?id=CVE-2008-0228
10 Jan 2008 — Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en apply.cgi del enrutador Linksys WRT54GL Wireless-G Broadband con firmware 4.30.9 permite a atacantes remotos llevar a cabo acciones como administrador. • https://github.com/SpiderLabs/TWSL2011-007_iOS_code_workaround • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 2CVE-2007-5411 – Linksys SPA941 - 'SIP From' HTML Injection
https://notcve.org/view.php?id=CVE-2007-5411
12 Oct 2007 — Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP Phone with firmware 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the From header in a SIP message. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Linksys SPA941 VoIP Phone con el firmware 5.1.8 permite a atacantes remotos inyectar scripts web o HTML de su elección mediante la cabecera From en un mensaje SIP. • https://www.exploit-db.com/exploits/30650 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 6%CPEs: 1EXPL: 3CVE-2007-3574 – Linksys WAG54GS 1.0.6 (Wireless-G ADSL Gateway) - 'setup.cgi' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-3574
05 Jul 2007 — Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm parameter. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el archivo setup.cgi en el Cisco Linksys WAG54GS Wireless-G ADSL Gateway con versión de firmware 1.00.06, permite a atacantes remotos inyectar script web o HT... • https://www.exploit-db.com/exploits/30254 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •