CVE-2008-1247 : The web interface on the Linksys WRT54g router with firmware 1.00.9 does not req

The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri. NOTE: the Security.tri vector is already covered by CVE-2006-5202.

Published 2008-03-10 17:44:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2008-1247

Linksys » Wrt54g » 1.00.9 Edition
cpe:2.3:h:linksys:wrt54g:*:*:1.00.9:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2008-1247

EPSS FAQ

8.25%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 91 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-1247

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-1247

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-1247

Jump to

Vulnerability Details : CVE-2008-1247

Products affected by CVE-2008-1247

Exploit prediction scoring system (EPSS) score for CVE-2008-1247

CVSS scores for CVE-2008-1247

CWE ids for CVE-2008-1247

References for CVE-2008-1247