linksys wag54gs Security Vulnerabilities

4 Vulnerabilities

Description
The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access. Impacted versions: * Base Score: 7.5, Severity: HIGH, ID: CVE-2007-6709, Last Modified: 2018-10-15T21:56:00Z References Exploit Exploit Modemly Security Checklist Linksys-WAG54GS-router-setup
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi. Impacted versions: * Base Score: 4.3, Severity: MEDIUM, ID: CVE-2007-6708, Last Modified: 2018-10-15T21:56:00Z References Exploit Exploit Modemly Security Checklist Linksys-WAG54GS-router-setup
Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-3574. Impacted versions: * Base Score: 4.3, Severity: MEDIUM, ID: CVE-2007-6707, Last Modified: 2018-10-15T21:56:00Z References Exploit Exploit Modemly Security Checklist Linksys-WAG54GS-router-setup
Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm parameter. Impacted versions: 1.00.06 Base Score: 4.3, Severity: MEDIUM, ID: CVE-2007-3574, Last Modified: 2018-10-15T21:29:00Z References Exploit Exploit Modemly Security Checklist Linksys-WAG54GS-router-setup

Description

The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access.

Impacted versions: *

Base Score: 7.5, Severity: HIGH, ID: CVE-2007-6709, Last Modified: 2018-10-15T21:56:00Z

References

Exploit Exploit

Modemly Security Checklist

Linksys-WAG54GS-router-setup

Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi.

Impacted versions: *

Base Score: 4.3, Severity: MEDIUM, ID: CVE-2007-6708, Last Modified: 2018-10-15T21:56:00Z

References

Exploit Exploit

Modemly Security Checklist

Linksys-WAG54GS-router-setup

Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-3574.

Impacted versions: *

Base Score: 4.3, Severity: MEDIUM, ID: CVE-2007-6707, Last Modified: 2018-10-15T21:56:00Z

References

Exploit Exploit

Modemly Security Checklist

Linksys-WAG54GS-router-setup

Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm parameter.

Impacted versions: 1.00.06

Base Score: 4.3, Severity: MEDIUM, ID: CVE-2007-3574, Last Modified: 2018-10-15T21:29:00Z

References

Exploit Exploit

Modemly Security Checklist

Linksys-WAG54GS-router-setup

USAGE: Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.