VYPR
Unrated severityNVD Advisory· Published Mar 10, 2008· Updated Jun 16, 2026

CVE-2008-1247

CVE-2008-1247

Description

The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri. NOTE: the Security.tri vector is already covered by CVE-2006-5202.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Linksys/Wrt54g2 versions
    cpe:2.3:h:linksys:wrt54g:*:*:1.00.9:*:*:*:*:*+ 1 more
    • cpe:2.3:h:linksys:wrt54g:*:*:1.00.9:*:*:*:*:*
    • (no CPE)range: 1.00.9

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.