PT-2008-1669 · Cisco · Cisco Linksys WAG54GS Wireless-G ADSL Gateway

Published: 2008-03-13 · Updated: 2018-10-15 · CVE-2007-6708

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Cisco Linksys WAG54GS Wireless-G ADSL Gateway versions 1.01.03 and earlier

Description: The issue allows remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI. This can be demonstrated by a Restore Factory Defaults action using the mtenRestore parameter to "setup.cgi" or creation of a user account using the sysname parameter to "setup.cgi".

Recommendations: For Cisco Linksys WAG54GS Wireless-G ADSL Gateway versions 1.01.03 and earlier, consider disabling access to the "setup.cgi" endpoint until a patch is available. Restrict access to administrative URIs to minimize the risk of exploitation. Avoid using the mtenRestore and sysname parameters in the affected API endpoint until the issue is resolved.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2007-6708

Affected Products

Cisco Linksys WAG54GS Wireless-G ADSL Gateway