[原文]Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi.
Linksys Wireless-G Router WRT54G contains a flaw that may allow a remote attacker to manipulate arbitrary configuration settings. The issue is triggered due to the handling of the HTTP POST method of the 'upgrade.cgi' script, which may allow a remote attacker to upload arbitrary configuration settings resulting in a loss of integrity.
Upgrade to firmware 4.20.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.