CVE-2008-1247

Name of the Vulnerable Software and Affected Versions Linksys WRT54g router version 1.00.9

Description The web interface of the router does not require credentials when invoking scripts, allowing remote attackers to perform arbitrary administrative actions via direct requests to various API endpoints, including "Advanced.tri", "AdvRoute.tri", "Basic.tri", "ctlog.tri", "ddns.tri", "dmz.tri", "factdefa.tri", "filter.tri", "fw.tri", "manage.tri", "ping.tri", "PortRange.tri", "ptrigger.tri", "qos.tri", "rstatus.tri", "tracert.tri", "vpn.tri", "WanMac.tri", "WBasic.tri", or "WFilter.tri".

Recommendations As a temporary workaround, consider disabling access to the mentioned API endpoints until a patch is available. Restrict access to the web interface to minimize the risk of exploitation. Update the firmware to a version that addresses this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.