CVE-2008-1247

{"id": "CVE-2008-1247", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-03-10T17:44:00.000", "references": [{"url": "http://kinqpinz.info/lib/wrt54g/own.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29344", "source": "cve@mitre.org"}, {"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/28381", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41118", "source": "cve@mitre.org"}, {"url": "https://kinqpinz.info/lib/wrt54g/", "source": "cve@mitre.org"}, {"url": "https://kinqpinz.info/lib/wrt54g/own2.txt", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/5313", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/5926", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri. NOTE: the Security.tri vector is already covered by CVE-2006-5202."}, {"lang": "es", "value": "El interfaz web del Router Linksys WRT54g con firmware 1.00.9 no requiere credenciales al invocar secuencias de comandos. Esto, permite a atacantes remotos realizar acciones administrativas a trav\u00e9s de peticiones directas a (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri. NOTA: El vector estSecurity.tri est\u00e1 tratado en CVE-2006-5202."}], "lastModified": "2018-10-11T20:31:17.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:linksys:wrt54g:*:*:1.00.9:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB6556B1-9984-42CB-B056-215543E13D96"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}