{"api_version":"1","generated_at":"2026-04-26T20:20:28+00:00","cve":"CVE-2008-1263","urls":{"html":"https://cve.report/CVE-2008-1263","api":"https://cve.report/api/cve/CVE-2008-1263.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2008-1263","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2008-1263"},"summary":{"title":"CVE-2008-1263","description":"The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI.","state":"PUBLISHED","assigner":"mitre","published_at":"2008-03-10 17:44:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-310","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4","severity":"","vector":"AV:N/AC:L/Au:S/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.gnucitizen.org/projects/router-hacking-challenge/","name":"http://www.gnucitizen.org/projects/router-hacking-challenge/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"Router Hacking Challenge | GNUCITIZEN","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/489009/100/0/threaded","name":"http://www.securityfocus.com/archive/1/489009/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41115","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41115","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2008-1263","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-1263","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2008","cve_id":"1263","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"linksys","cpe5":"wrt54g","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T08:17:33.568Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"20080301 The Router Hacking Challenge is Over!","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/489009/100/0/threaded"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.gnucitizen.org/projects/router-hacking-challenge/"},{"name":"linksys-config-information-disclosure(41115)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41115"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2008-02-29T00:00:00.000Z","descriptions":[{"lang":"en","value":"The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-11T19:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"20080301 The Router Hacking Challenge is Over!","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/489009/100/0/threaded"},{"tags":["x_refsource_MISC"],"url":"http://www.gnucitizen.org/projects/router-hacking-challenge/"},{"name":"linksys-config-information-disclosure(41115)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41115"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2008-1263","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"20080301 The Router Hacking Challenge is Over!","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/489009/100/0/threaded"},{"name":"http://www.gnucitizen.org/projects/router-hacking-challenge/","refsource":"MISC","url":"http://www.gnucitizen.org/projects/router-hacking-challenge/"},{"name":"linksys-config-information-disclosure(41115)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41115"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2008-1263","datePublished":"2008-03-10T17:00:00.000Z","dateReserved":"2008-03-10T00:00:00.000Z","dateUpdated":"2024-08-07T08:17:33.568Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2008-03-10 17:44:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-310","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:linksys:wrt54g:*:*:*:*:*:*:*:*","matchCriteriaId":"DBBECE9D-7805-4521-A0B1-15F2755312B8"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2008","CveId":"1263","Ordinal":"1","Title":"CVE-2008-1263","CVE":"CVE-2008-1263","Year":"2008"},"notes":[{"CveYear":"2008","CveId":"1263","Ordinal":"1","NoteData":"The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI.","Type":"Description","Title":"CVE-2008-1263"},{"CveYear":"2008","CveId":"1263","Ordinal":"2","NoteData":"2008-03-10","Type":"Other","Title":"Published"},{"CveYear":"2008","CveId":"1263","Ordinal":"3","NoteData":"2018-10-11","Type":"Other","Title":"Modified"}]}}}