Filtered by vendor Linksys
Subscriptions
Total
102 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-11535 | 1 Linksys | 4 Re6300, Re6300 Firmware, Re6400 and 1 more | 2024-08-04 | N/A |
| Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. An attacker can access system OS configurations and commands that are not intended for use beyond the web UI. | ||||
| CVE-2019-7579 | 1 Linksys | 2 Wrt1900acs, Wrt1900acs Firmware | 2024-08-04 | N/A |
| An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. An ability exists for an unauthenticated user to browse a confidential ui/1.0.99.187766/dynamic/js/setup.js.localized file on the router's webserver, allowing for an attacker to identify possible passwords that the system uses to set the default guest network password. An attacker can use this list of 30 words along with a random 2 digit number to brute force their access onto a router's guest network. | ||||
| CVE-2019-7311 | 1 Linksys | 2 Wrt1900acs, Wrt1900acs Firmware | 2024-08-04 | N/A |
| An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. A lack of encryption in how the user login cookie (admin-auth) is stored on a victim's computer results in the admin password being discoverable by a local attacker, and usable to gain administrative access to the victim's router. The admin password is stored in base64 cleartext in an "admin-auth" cookie. An attacker sniffing the network at the time of login could acquire the router's admin password. Alternatively, gaining physical access to the victim's computer soon after an administrative login could result in compromise. | ||||
| CVE-2020-35713 | 1 Linksys | 2 Re6500, Re6500 Firmware | 2024-08-04 | 9.8 Critical |
| Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. | ||||
| CVE-2020-35714 | 1 Linksys | 2 Re6500, Re6500 Firmware | 2024-08-04 | 8.8 High |
| Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authenticated users to execute arbitrary commands via goform/systemCommand?command= in conjunction with the goform/pingstart program. | ||||
| CVE-2020-35715 | 1 Linksys | 2 Re6500, Re6500 Firmware | 2024-08-04 | 8.8 High |
| Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenticated users to execute arbitrary commands via shell metacharacters in a filename to the upload_settings.cgi page. | ||||
| CVE-2020-35716 | 1 Linksys | 2 Re6500, Re6500 Firmware | 2024-08-04 | 7.5 High |
| Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to cause a persistent denial of service (segmentation fault) via a long /goform/langSwitch langSelectionOnly parameter. | ||||
| CVE-2022-43970 | 1 Linksys | 2 Wrt54gl, Wrt54gl Firmware | 2024-08-03 | 7.2 High |
| A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This vulnerablity can be triggered over the network via a malicious POST request to /apply.cgi. | ||||
| CVE-2022-43971 | 1 Linksys | 2 Wumc710, Wumc710 Firmware | 2024-08-03 | 7.2 High |
| An arbitrary code exection vulnerability exists in Linksys WUMC710 Wireless-AC Universal Media Connector with firmware <= 1.0.02 (build3). The do_setNTP function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious GET or POST request to /setNTP.cgi to execute arbitrary commands on the underlying Linux operating system as root. | ||||
| CVE-2022-43972 | 1 Linksys | 2 Wrt54gl, Wrt54gl Firmware | 2024-08-03 | 6.5 Medium |
| A null pointer dereference vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A null pointer dereference in the soap_action function within the upnp binary can be triggered by an unauthenticated attacker via a malicious POST request invoking the AddPortMapping action. | ||||
| CVE-2022-43973 | 1 Linksys | 2 Wrt54gl, Wrt54gl Firmware | 2024-08-03 | 7.2 High |
| An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request to /apply.cgi to execute arbitrary commands on the underlying Linux operating system as root. | ||||
| CVE-2022-38841 | 1 Linksys | 2 E8450, E8450 Firmware | 2024-08-03 | 8.8 High |
| Linksys AX3200 1.1.00 is vulnerable to OS command injection by authenticated users via shell metacharacters to the diagnostics traceroute page. | ||||
| CVE-2022-38555 | 1 Linksys | 2 E1200, E1200 Firmware | 2024-08-03 | 9.8 Critical |
| Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name. | ||||
| CVE-2022-35572 | 1 Linksys | 2 E5350, E5350 Firmware | 2024-08-03 | 7.5 High |
| On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lower, (and potentially other vendors/devices due to code reuse), the /SysInfo.htm URI does not require a session ID. This web page calls a show_sysinfo function which retrieves WPA passwords, SSIDs, MAC Addresses, serial numbers, WPS Pins, and hardware/firmware versions, and prints this information into the web page. This web page is visible when remote management is enabled. A user who has access to the web interface of the device can extract these secrets. If the device has remote management enabled and is connected directly to the internet, this vulnerability is exploitable over the internet without interaction. | ||||
| CVE-2022-24372 | 1 Linksys | 2 Mr9600, Mr9600 Firmware | 2024-08-03 | 4.6 Medium |
| Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share. | ||||
| CVE-2023-31741 | 1 Linksys | 2 E2000, E2000 Firmware | 2024-08-02 | 7.2 High |
| There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges. | ||||
| CVE-2023-31740 | 1 Linksys | 2 E2000, E2000 Firmware | 2024-08-02 | 7.2 High |
| There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters WL_atten_bb, WL_atten_radio, and WL_atten_ctl in the apply.cgi interface, thereby gaining shell privileges. | ||||
| CVE-2023-31742 | 1 Linksys | 2 Wrt54gl, Wrt54gl Firmware | 2024-08-02 | 7.2 High |
| There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges. | ||||
| CVE-2024-41281 | 1 Linksys | 1 Wrt54g | 2024-08-02 | 8.8 High |
| Linksys WRT54G v4.21.5 has a stack overflow vulnerability in get_merge_mac function. | ||||
| CVE-2024-40495 | 1 Linksys | 1 E2500 Firmware | 2024-08-02 | 8 High |
| A vulnerability was discovered in Linksys Router E2500 with firmware 2.0.00, allows authenticated attackers to execute arbitrary code via the hnd_parentalctrl_unblock function. | ||||