Filtered by vendor Belkin
Subscriptions
Total
52 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-2679 | 1 Belkin | 2 Linksys E4200, Linksys E4200 Firmware | 2024-08-06 | 6.1 Medium |
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the (1) log_type, (2) ping_ip, (3) ping_size, (4) submit_type, or (5) traceroute_ip parameter to apply.cgi or (6) new_workgroup or (7) submit_button parameter to storage/apply.cgi. | ||||
CVE-2014-2962 | 1 Belkin | 2 N150 F9k1009, N150 F9k1009 Firmware | 2024-08-06 | N/A |
Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter. | ||||
CVE-2014-1635 | 1 Belkin | 2 N750 Wireless Router, N750 Wireless Router Firmware | 2024-08-06 | N/A |
Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote attackers to execute arbitrary code via a long string in the jump parameter. | ||||
CVE-2015-5536 | 1 Belkin | 2 N300 Dual-band Wi-fi Range Extender, N300 Dual-band Wi-fi Range Extender Firmware | 2024-08-06 | N/A |
Belkin N300 Dual-Band Wi-Fi Range Extender with firmware before 1.04.10 allows remote authenticated users to execute arbitrary commands via the (1) sub_dir parameter in a formUSBStorage request; pinCode parameter in a (2) formWpsStart or (3) formiNICWpsStart request; (4) wps_enrolee_pin parameter in a formWlanSetupWPS request; or unspecified parameters in a (5) formWlanMP, (6) formBSSetSitesurvey, (7) formHwSet, or (8) formConnectionSetting request. | ||||
CVE-2018-6692 | 1 Belkin | 2 Wemo Insight Smart Plug, Wemo Insight Smart Plug Firmware | 2024-08-05 | 10.0 Critical |
Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin Wemo Insight Smart Plug allows remote attackers to bypass local security protection via a crafted HTTP post packet. | ||||
CVE-2019-17532 | 1 Belkin | 2 Wemo Switch 28b, Wemo Switch 28b Firmware | 2024-08-05 | 7.5 High |
An issue was discovered on Belkin Wemo Switch 28B WW_2.00.11057.PVT-OWRT-SNS devices. They allow remote attackers to cause a denial of service (persistent rules-processing outage) via a crafted ruleDbBody element in a StoreRules request to the upnp/control/rules1 URI, because database corruption occurs. | ||||
CVE-2019-12780 | 1 Belkin | 2 Crock-pot Smart Slow Cooker With Wemo, Crock-pot Smart Slow Cooker With Wemo Firmware | 2024-08-04 | N/A |
The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A simple POST request to /upnp/control/basicevent1 can allow an attacker to execute commands without authentication. | ||||
CVE-2020-26561 | 1 Belkin | 2 Linksys Wrt 160nl, Linksys Wrt 160nl Firmware | 2024-08-04 | 8.8 High |
Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. Successful exploitation leads to arbitrary code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
CVE-2021-25310 | 1 Belkin | 2 Linksys Wrt160nl, Linksys Wrt160nl Firmware | 2024-08-03 | 8.8 High |
The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the ui_language POST parameter to the apply.cgi form endpoint. This occurs in do_upgrade_post in mini_httpd. NOTE: This vulnerability only affects products that are no longer supported by the maintaine | ||||
CVE-2022-30105 | 1 Belkin | 2 N300, N300 Firmware | 2024-08-03 | 9.8 Critical |
In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible before and after configuring the device, exhibits multiple remote command injection vulnerabilities. The following parameters in the [form name] form; [list vulnerable parameters], are not properly sanitized after being submitted to the web interface in a POST request. With specially crafted parameters, it is possible to inject a an OS command which will be executed with root privileges, as the web interface, and all processes on the device, run as root. | ||||
CVE-2023-33768 | 1 Belkin | 2 Wemo Smart Plug Wsp080, Wemo Smart Plug Wsp080 Firmware | 2024-08-02 | 6.5 Medium |
Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin Wemo Smart Plug WSP080 v1.2 allows attackers to cause a Denial of Service (DoS) via a crafted firmware file. | ||||
CVE-2023-27217 | 1 Belkin | 2 F7c063, F7c063 Firmware | 2024-08-02 | 9.8 Critical |
A stack-based buffer overflow in the ChangeFriendlyName() function of Belkin Smart Outlet V2 F7c063 firmware_2.00.11420.OWRT.PVT_SNSV2 allows attackers to cause a Denial of Service (DoS) via a crafted UPNP request. |