CVE-2007-3574

Name of the Vulnerable Software and Affected Versions Cisco Linksys WAG54GS Wireless-G ADSL Gateway version 1.00.06

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the setup.cgi file. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters, including c4 trap ip , devname, snmp getcomm, or snmp setcomm.

Recommendations For Cisco Linksys WAG54GS Wireless-G ADSL Gateway version 1.00.06, consider updating the firmware to a version that addresses these XSS vulnerabilities. As a temporary workaround, restrict access to the setup.cgi file and avoid using the vulnerable parameters c4 trap ip , devname, snmp getcomm, and snmp setcomm until a patch is available.