CVE-2008-6280

Name of the Vulnerable Software and Affected Versions: Linksys WRT160N (affected versions not specified)

Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the action parameter in a DHCP Static operation on the apply.cgi page.

Recommendations: For the Linksys WRT160N, avoid using the action parameter in the DHCP Static operation on the apply.cgi page until a fix is available. As a temporary workaround, consider restricting access to the apply.cgi page to minimize the risk of exploitation.