N/A

Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi.

N/A

N/A

Cisco Linksys WAG54GS Wireless-G ADSL Gateway firmware多个跨站请求伪造漏洞

Cisco Linksys WAG54GS Wireless-G ADSL Gateway 和firmware存在多个跨站请求伪造漏洞。远程攻击者通过一个任意有效请求到达一个管理的URI( 例如(1) 一个 Restore Factory Defaults操作运行mtenRestore 参数至to setup.cgi以及 (2)一个用户帐户的建立会运行sysname参数至setup.cgi)，来执行操作。

N/A

N/A