CyberSec.Space Logo
Back to CVE Browser

CVE-2008-1268

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0660%
EPSS Percentile32.36th
PublishedMar 10, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password.

Affected Platforms (CPE)

πŸ”Œ
Linksys

Wrt54g

= 7

References & Advisories

πŸ”— http://swbae.egloos.com/1701135
πŸ”— http://www.gnucitizen.org/projects/router-hacking-challenge/
πŸ”— http://www.securityfocus.com/archive/1/489009/100/0/threaded
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/41119
πŸ”— http://swbae.egloos.com/1701135
πŸ”— http://www.gnucitizen.org/projects/router-hacking-challenge/
πŸ”— http://www.securityfocus.com/archive/1/489009/100/0/threaded
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/41119

Related Vulnerabilities

CVE-2008-124710.0

The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allo...

CVE-2008-12657.8

The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password t...

CVE-2005-27997.5

Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers...

CVE-2004-26067.5

The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt t...