Cross-Site Request Forgery Vulnerabilities in Cisco Linksys WAG54GS Wireless-G ADSL Gateway
CVE-2007-6708

Currently unrated

Key Information:

Vendor: Linksys
Status: Wag54gs
Vendor: CVE Published:; 13 March 2008

Summary

The Cisco Linksys WAG54GS Wireless-G ADSL Gateway is affected by multiple CSRF vulnerabilities that enable remote attackers to impersonate administrators. By crafting arbitrary valid requests directed at specific administrative URIs, attackers can execute harmful actions without user consent. Notable actions that can be compromised include resetting the device to factory defaults and creating unauthorized user accounts. These vulnerabilities are particularly concerning for users who have not updated their firmware beyond version 1.01.03, leaving them exposed to potential exploitation.

References

http://www.securityfocus.com/archive/1/489009/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.gnucitizen.org/projects/router-hacking-challenge/

x_refsource_MISC

http://osvdb.org/43537

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Mar 13, 2008
Vulnerability Reserved
Mar 13, 2008