CVE-2007-6708 - Vulnerability Details - OpenCVE

Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linksys	Wag54gs

Configuration 1 [-]

cpe:2.3:h:linksys:wag54gs:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/43537
http://osvdb.org/43538
http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/
http://www.gnucitizen.org/projects/router-hacking-challenge/
http://www.securityfocus.com/archive/1/489009/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/41269

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-03-13T18:00:00

Updated: 2024-08-07T16:18:20.614Z

Reserved: 2008-03-13T00:00:00

Link: CVE-2007-6708

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-03-13T18:44:00.000

Modified: 2024-11-21T00:40:49.010

Link: CVE-2007-6708

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-11-20T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20080301 The Router Hacking Challenge is Over!", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"}, {"name": "43537", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/43537"}, {"tags": ["x_refsource_MISC"], "url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"}, {"name": "linksys-wag54gs-setup-csfr(41269)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41269"}, {"name": "43538", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/43538"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6708", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20080301 The Router Hacking Challenge is Over!", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"}, {"name": "http://www.gnucitizen.org/projects/router-hacking-challenge/", "refsource": "MISC", "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"}, {"name": "43537", "refsource": "OSVDB", "url": "http://osvdb.org/43537"}, {"name": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/", "refsource": "MISC", "url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"}, {"name": "linksys-wag54gs-setup-csfr(41269)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41269"}, {"name": "43538", "refsource": "OSVDB", "url": "http://osvdb.org/43538"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:18:20.614Z"}, "title": "CVE Program Container", "references": [{"name": "20080301 The Router Hacking Challenge is Over!", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"}, {"name": "43537", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/43537"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"}, {"name": "linksys-wag54gs-setup-csfr(41269)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41269"}, {"name": "43538", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/43538"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6708", "datePublished": "2008-03-13T18:00:00", "dateReserved": "2008-03-13T00:00:00", "dateUpdated": "2024-08-07T16:18:20.614Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:linksys:wag54gs:*:*:*:*:*:*:*:*", "matchCriteriaId": "F37E4D28-033F-4ECA-8581-C6FD3CFA2BFD", "versionEndIncluding": "firmware_1.01.03", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Cisco Linksys WAG54GS Wireless-G ADSL Gateway con versi\u00f3n de c\u00f3digo 1.01.03 y anteriores permite a atacantes remotos realizar acciones como administrador mediante la utilizaci\u00f3n de una solicitud v\u00e1lida a una URI de administraci\u00f3n, como se demuestra por (1) una acci\u00f3n de restauraci\u00f3n de los valores de f\u00e1brica por defecto usando el par\u00e1metro mtenRestore de setup.cgi y por (2) la creaci\u00f3n de una cuenta de usuario utilizando el par\u00e1metro sysname de setup.cgi."}], "id": "CVE-2007-6708", "lastModified": "2024-11-21T00:40:49.010", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-03-13T18:44:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/43537"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/43538"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41269"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/43537"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/43538"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41269"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}