Cross-Site Request Forgery Vulnerability in Linksys WRT54GL Router
CVE-2008-0228

Currently unrated

Key Information:

Vendor
Linksys
Status
Wrt54gl
Vendor
CVE Published:
10 January 2008

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The Linksys WRT54GL Wireless-G Broadband Router contains a vulnerability in its apply.cgi component, which can be exploited through Cross-Site Request Forgery (CSRF). This flaw enables remote attackers to execute administrative actions on the router without proper authentication, posing a significant risk to user control. Successful exploitation may allow an attacker to manipulate router settings, leading to unauthorized access and potential data breaches. Users are advised to apply patches and implement security measures to mitigate the risks associated with this vulnerability.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

TWSL2011-007_iOS_code_workaround
Created by SpiderLabs

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/39502
vdb-entryx_refsource_XF
http://securityreason.com/securityalert/3534
third-party-advisoryx_refsource_SREASON
http://secunia.com/advisories/28364
third-party-advisoryx_refsource_SECUNIA

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.