I just found a vulnerability in Linksys WRT54G routers. 


http://192.168.1.1/apply.cgi?action=../ 


It loads the page after action 


http://192.168.1.1/apply.cgi?action=../ returns the setup page 
http://192.168.1.1/apply.cgi?action=../blah returns that the file does not exist