Vulnerabilities > Linksys > Wag54Gs > 1.00.06
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-03-13 | CVE-2007-6709 | Permissions, Privileges, and Access Controls vulnerability in Linksys Wag54Gs 1.00.06 The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access. | 7.5 |
| 2008-03-13 | CVE-2007-6708 | Cross-Site Request Forgery (CSRF) vulnerability in Linksys Wag54Gs 1.00.06 Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi. | 4.3 |
| 2008-03-13 | CVE-2007-6707 | Cross-Site Scripting vulnerability in Linksys Wag54Gs 1.00.06 Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-3574. | 4.3 |
| 2007-07-05 | CVE-2007-3574 | Cross-Site Scripting vulnerability in Linksys Wag54Gs 1.00.06 Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm parameter. | 4.3 |