admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2008/CVE-2008-12xx/CVE-2008-1247.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

114 lines
3.9 KiB
JSON
Raw Blame History

{
"id": "CVE-2008-1247",
"sourceIdentifier": "cve@mitre.org",
"published": "2008-03-10T17:44:00.000",
"lastModified": "2018-10-11T20:31:17.277",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri. NOTE: the Security.tri vector is already covered by CVE-2006-5202."
},
{
"lang": "es",
"value": "El interfaz web del Router Linksys WRT54g con firmware 1.00.9 no requiere credenciales al invocar secuencias de comandos. Esto, permite a atacantes remotos realizar acciones administrativas a trav\u00e9s de peticiones directas a (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri. NOTA: El vector estSecurity.tri est\u00e1 tratado en CVE-2006-5202."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": true,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:h:linksys:wrt54g:*:*:1.00.9:*:*:*:*:*",
"matchCriteriaId": "DB6556B1-9984-42CB-B056-215543E13D96"
}
]
}
]
}
],
"references": [
{
"url": "http://kinqpinz.info/lib/wrt54g/own.txt",
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/",
"source": "cve@mitre.org"
},
{
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded",
"source": "cve@mitre.org"
},
{
"url": "http://www.securityfocus.com/bid/28381",
"source": "cve@mitre.org"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41118",
"source": "cve@mitre.org"
},
{
"url": "https://kinqpinz.info/lib/wrt54g/",
"source": "cve@mitre.org"
},
{
"url": "https://kinqpinz.info/lib/wrt54g/own2.txt",
"source": "cve@mitre.org"
},
{
"url": "https://www.exploit-db.com/exploits/5313",
"source": "cve@mitre.org"
},
{
"url": "https://www.exploit-db.com/exploits/5926",
"source": "cve@mitre.org"
}
]
}
Reference in New Issue View Git Blame Copy Permalink