Filtered by vendor Linksys
Subscribe
Total
152 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17411 | 1 Linksys | 2 Wvbr0, Wvbr0 Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892. | |||||
| CVE-2017-10677 | 1 Linksys | 2 Ea4500, Ea4500 Firmware | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) exists on Linksys EA4500 devices with Firmware Version before 2.1.41.164606, as demonstrated by a request to apply.cgi to disable SIP. | |||||
| CVE-2024-57228 | 1 Linksys | 2 E7350, E7350 Firmware | 2025-04-16 | N/A | 8.0 HIGH |
| Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. | |||||
| CVE-2024-57227 | 1 Linksys | 2 E7350, E7350 Firmware | 2025-04-16 | N/A | 8.0 HIGH |
| Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. | |||||
| CVE-2024-57226 | 1 Linksys | 2 E7350, E7350 Firmware | 2025-04-16 | N/A | 8.0 HIGH |
| Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function. | |||||
| CVE-2024-57225 | 1 Linksys | 2 E7350, E7350 Firmware | 2025-04-16 | N/A | 9.8 CRITICAL |
| Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. | |||||
| CVE-2024-57224 | 1 Linksys | 2 E7350, E7350 Firmware | 2025-04-16 | N/A | 9.8 CRITICAL |
| Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. | |||||
| CVE-2024-57223 | 1 Linksys | 2 E7350, E7350 Firmware | 2025-04-16 | N/A | 9.8 CRITICAL |
| Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. | |||||
| CVE-2024-57222 | 1 Linksys | 2 E7350, E7350 Firmware | 2025-04-16 | N/A | 6.3 MEDIUM |
| Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. | |||||
| CVE-2013-3064 | 1 Linksys | 2 Ea6500, Ea6500 Firmware | 2025-04-12 | 6.8 MEDIUM | N/A |
| Open redirect vulnerability in ui/dynamic/unsecured.html in Linksys EA6500 with firmware 1.1.28.147876 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the target parameter. | |||||
| CVE-2013-3065 | 1 Linksys | 2 Ea6500, Ea6500 Firmware | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Blocked Specific Sites section. | |||||
| CVE-2014-8243 | 1 Linksys | 20 E4200v2, E4200v2 Firmware, Ea2700 and 17 more | 2025-04-12 | 3.3 LOW | N/A |
| Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain the administrator's MD5 password hash via a direct request for the /.htpasswd URI. | |||||
| CVE-2014-8244 | 1 Linksys | 20 E4200v2, E4200v2 Firmware, Ea2700 and 17 more | 2025-04-12 | 7.5 HIGH | N/A |
| Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain sensitive information or modify data via a JNAP action in a JNAP/ HTTP request. | |||||
| CVE-2013-3066 | 1 Linksys | 2 Ea6500, Ea6500 Firmware | 2025-04-12 | 7.1 HIGH | N/A |
| Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict access, which allows remote attackers to obtain sensitive information (clients and router configuration) via a request to /JNAP/. | |||||
| CVE-2011-4499 | 2 Cisco, Linksys | 4 Linksys Wrt54g Router Firmware, Linksys Wrt54gs Router Firmware, Wrt54g and 1 more | 2025-04-11 | 7.5 HIGH | N/A |
| The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. | |||||
| CVE-2010-1573 | 1 Linksys | 2 Wap54g, Wap54g Firmware | 2025-04-11 | 10.0 HIGH | 9.8 CRITICAL |
| Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi. | |||||
| CVE-2011-4500 | 2 Cisco, Linksys | 2 Linksys Wrt54gx Router Firmware, Wrt54gx | 2025-04-11 | 7.5 HIGH | N/A |
| The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware 2.00.05, when UPnP is enabled, configures the SOAP server to listen on the WAN port, which allows remote attackers to administer the firewall via SOAP requests. | |||||
| CVE-2010-2261 | 1 Linksys | 1 Wap54gv3 | 2025-04-11 | 10.0 HIGH | N/A |
| Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) data2 and (2) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi. | |||||
| CVE-2006-5882 | 2 Broadcom, Linksys | 2 Bcmwl5.sys Wireless Device Driver, Wpc300n Wireless-n Notebook Adapter Driver | 2025-04-09 | 8.3 HIGH | N/A |
| Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver 3.50.21.10, as used in Cisco Linksys WPC300N Wireless-N Notebook Adapter before 4.100.15.5 and other products, allows remote attackers to execute arbitrary code via an 802.11 response frame containing a long SSID field. | |||||
| CVE-2006-6411 | 1 Linksys | 1 Wip 330 Wireless-g Ip Phone | 2025-04-09 | 7.8 HIGH | N/A |
| PhoneCtrl.exe in Linksys WIP 330 Wireless-G IP Phone 1.00.06A allows remote attackers to cause a denial of service (crash) via a TCP SYN scan, as demonstrated using TCP ports 1-65535 with nmap. | |||||