Cross-Site Scripting Vulnerabilities in Cisco Linksys Wireless-G ADSL Gateway
CVE-2007-3574

Currently unrated

Key Information:

Vendor: Linksys
Status: Wag54gs
Vendor: CVE Published:; 5 July 2007

Summary

The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with firmware version 1.00.06 is susceptible to multiple cross-site scripting (XSS) vulnerabilities via the setup.cgi interface. This allows remote attackers to inject arbitrary web scripts or HTML into the gateway through specific parameters such as c4_trap_ip_, devname, snmp_getcomm, or snmp_setcomm. Exploitation of these vulnerabilities could lead to unauthorized access or alteration of data by executing harmful scripts in the context of the user’s browser.

References

http://www.securityfocus.com/archive/1/489009/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.gnucitizen.org/projects/router-hacking-challenge/

x_refsource_MISC

http://secunia.com/advisories/27738/

third-party-advisoryx_refsource_SECUNIA

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 5, 2007
Vulnerability Reserved
Jul 5, 2007