Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): linksys
- Search Type: Search All
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-48286 |
Linksys E3000 1.0.06.002_US is vulnerable to command injection via the diag_ping_start function. Published: November 21, 2024; 1:15:09 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-8408 |
A vulnerability was found in Linksys WRT54G 4.21.5. It has been rated as critical. Affected by this issue is the function validate_services_port of the file /apply.cgi of the component POST Parameter Handler. The manipulation of the argument services_array leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: September 04, 2024; 10:15:15 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2024-42633 |
A Command Injection vulnerability exists in the do_upgrade_post function of the httpd binary in Linksys E1500 v1.0.06.001. As a result, an authenticated attacker can execute OS commands with root privileges. Published: August 19, 2024; 12:15:08 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2024-40495 |
A vulnerability was discovered in Linksys Router E2500 with firmware 2.0.00, allows authenticated attackers to execute arbitrary code via the hnd_parentalctrl_unblock function. Published: July 24, 2024; 3:15:04 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-41281 |
Linksys WRT54G v4.21.5 has a stack overflow vulnerability in get_merge_mac function. Published: July 19, 2024; 1:15:03 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-40750 |
Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi passwords over the public Internet during app-based installation. Published: July 09, 2024; 4:15:12 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-36821 |
Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate privileges from Guest to root. Published: June 11, 2024; 2:15:13 PM -0400 |
V4.0:(not available) V3.1: 6.8 MEDIUM V2.0:(not available) |
CVE-2023-30305 |
An issue discovered in Linksys E5600 routers allows attackers to hijack TCP sessions which could lead to a denial of service. Published: May 28, 2024; 3:15:09 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-46012 |
Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP. Published: May 07, 2024; 10:15:10 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-33788 |
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint. Published: May 06, 2024; 9:15:49 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-33789 |
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl parameter at /API/info form endpoint. Published: May 03, 2024; 1:15:07 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-25852 |
Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. An attacker can use the vulnerability to obtain device administrator rights. Published: April 11, 2024; 5:15:07 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-28283 |
There is stack-based buffer overflow vulnerability in pc_change_act function in Linksys E1000 router firmware version v.2.1.03 and before, leading to remote code execution. Published: March 19, 2024; 5:15:07 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-27497 |
Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file. Published: March 01, 2024; 10:15:08 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-22544 |
An issue was discovered in Linksys Router E1700 version 1.0.04 (build 3), allows authenticated attackers to execute arbitrary code via the setDateTime function. Published: February 26, 2024; 8:15:07 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-22543 |
An issue was discovered in Linksys Router E1700 1.0.04 (build 3), allows authenticated attackers to escalate privileges via a crafted GET request to the /goform/* URI or via the ExportSettings function. Published: February 26, 2024; 8:15:06 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-1406 |
A vulnerability was found in Linksys WRT54GL 4.30.18. It has been declared as problematic. This vulnerability affects unknown code of the file /SysInfo1.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253330 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Published: February 10, 2024; 3:15:07 AM -0500 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2024-1405 |
A vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253329 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Published: February 10, 2024; 1:15:46 AM -0500 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2024-1404 |
A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as problematic. Affected by this issue is some unknown functionality of the file /SysInfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253328. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Published: February 09, 2024; 6:15:08 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-31741 |
There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges. Published: May 22, 2023; 9:15:10 PM -0400 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0:(not available) |