Filtered by vendor Belkin Subscriptions
Total 52 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-33768 1 Belkin 2 Wemo Smart Plug Wsp080, Wemo Smart Plug Wsp080 Firmware 2024-11-21 6.5 Medium
Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin Wemo Smart Plug WSP080 v1.2 allows attackers to cause a Denial of Service (DoS) via a crafted firmware file.
CVE-2023-27217 1 Belkin 2 F7c063, F7c063 Firmware 2024-11-21 9.8 Critical
A stack-based buffer overflow in the ChangeFriendlyName() function of Belkin Smart Outlet V2 F7c063 firmware_2.00.11420.OWRT.PVT_SNSV2 allows attackers to cause a Denial of Service (DoS) via a crafted UPNP request.
CVE-2022-30105 1 Belkin 2 N300, N300 Firmware 2024-11-21 9.8 Critical
In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible before and after configuring the device, exhibits multiple remote command injection vulnerabilities. The following parameters in the [form name] form; [list vulnerable parameters], are not properly sanitized after being submitted to the web interface in a POST request. With specially crafted parameters, it is possible to inject a an OS command which will be executed with root privileges, as the web interface, and all processes on the device, run as root.
CVE-2021-25310 1 Belkin 2 Linksys Wrt160nl, Linksys Wrt160nl Firmware 2024-11-21 8.8 High
The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the ui_language POST parameter to the apply.cgi form endpoint. This occurs in do_upgrade_post in mini_httpd. NOTE: This vulnerability only affects products that are no longer supported by the maintaine
CVE-2020-26561 1 Belkin 2 Linksys Wrt 160nl, Linksys Wrt 160nl Firmware 2024-11-21 8.8 High
Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. Successful exploitation leads to arbitrary code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2019-17532 1 Belkin 2 Wemo Switch 28b, Wemo Switch 28b Firmware 2024-11-21 7.5 High
An issue was discovered on Belkin Wemo Switch 28B WW_2.00.11057.PVT-OWRT-SNS devices. They allow remote attackers to cause a denial of service (persistent rules-processing outage) via a crafted ruleDbBody element in a StoreRules request to the upnp/control/rules1 URI, because database corruption occurs.
CVE-2019-17094 1 Belkin 2 Wemo Insight Switch, Wemo Insight Switch Firmware 2024-11-21 8.3 High
A Stack-based Buffer Overflow vulnerability in libbelkin_api.so component of Belkin WeMo Insight Switch firmware allows a local attacker to obtain code execution on the device. This issue affects: Belkin WeMo Insight Switch firmware version 2.00.11396 and prior versions.
CVE-2019-12780 1 Belkin 2 Crock-pot Smart Slow Cooker With Wemo, Crock-pot Smart Slow Cooker With Wemo Firmware 2024-11-21 N/A
The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A simple POST request to /upnp/control/basicevent1 can allow an attacker to execute commands without authentication.
CVE-2018-6692 1 Belkin 2 Wemo Insight Smart Plug, Wemo Insight Smart Plug Firmware 2024-11-21 10.0 Critical
Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin Wemo Insight Smart Plug allows remote attackers to bypass local security protection via a crafted HTTP post packet.
CVE-2018-1146 1 Belkin 2 N750, N750 Firmware 2024-11-21 N/A
A remote unauthenticated user can enable telnet on the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to set.cgi. When enabled the telnet session requires no password and provides root access.
CVE-2018-1145 1 Belkin 2 N750, N750 Firmware 2024-11-21 N/A
A remote unauthenticated user can overflow a stack buffer in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi.
CVE-2018-1144 1 Belkin 2 N750, N750 Firmware 2024-11-21 N/A
A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi.
CVE-2018-1143 1 Belkin 2 N750, N750 Firmware 2024-11-21 N/A
A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to twonky_command.cgi.
CVE-2015-5536 1 Belkin 2 N300 Dual-band Wi-fi Range Extender, N300 Dual-band Wi-fi Range Extender Firmware 2024-11-21 N/A
Belkin N300 Dual-Band Wi-Fi Range Extender with firmware before 1.04.10 allows remote authenticated users to execute arbitrary commands via the (1) sub_dir parameter in a formUSBStorage request; pinCode parameter in a (2) formWpsStart or (3) formiNICWpsStart request; (4) wps_enrolee_pin parameter in a formWlanSetupWPS request; or unspecified parameters in a (5) formWlanMP, (6) formBSSetSitesurvey, (7) formHwSet, or (8) formConnectionSetting request.
CVE-2014-2962 1 Belkin 2 N150 F9k1009, N150 F9k1009 Firmware 2024-11-21 N/A
Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
CVE-2014-1635 1 Belkin 2 N750 Wireless Router, N750 Wireless Router Firmware 2024-11-21 N/A
Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote attackers to execute arbitrary code via a long string in the jump parameter.
CVE-2013-7173 1 Belkin 2 N750, N750 Firmware 2024-11-21 9.8 Critical
Belkin n750 routers have a buffer overflow.
CVE-2013-6952 1 Belkin 1 Wemo Home Automation Firmware 2024-11-21 N/A
The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data.
CVE-2013-6951 1 Belkin 1 Wemo Home Automation Firmware 2024-11-21 N/A
The Belkin WeMo Home Automation firmware before 3949 does not maintain a set of Certification Authority public keys, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary X.509 certificate.
CVE-2013-6950 1 Belkin 1 Wemo Home Automation Firmware 2024-11-21 N/A
The Belkin WeMo Home Automation firmware before 3949 does not use SSL for the distribution feed, which allows man-in-the-middle attackers to install arbitrary firmware by spoofing a distribution server.