Vulnerabilities (CVE)

Filtered by vendor Linksys
Total 105 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2010-1573 | 1 Linksys | 2 Wap54g, Wap54g Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL
Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi.
CVE-2009-5157 | 1 Linksys | 2 Wag54g2, Wag54g2 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH
On Linksys WAG54G2 1.00.10 devices, there is authenticated command injection via shell metacharacters in the setup.cgi c4_ping_ipaddr variable.
CVE-2009-5140 | 1 Linksys | 2 Spa2102, Spa2102 Firmware | 2024-11-21 | 4.3 MEDIUM | 8.8 HIGH
The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.
CVE-2024-8408 | 1 Linksys | 2 Wrt54g, Wrt54g Firmware | 2024-09-05 | 6.5 MEDIUM | 9.8 CRITICAL
A vulnerability was found in Linksys WRT54G 4.21.5. It has been rated as critical. Affected by this issue is the function validate_services_port of the file /apply.cgi of the component POST Parameter Handler. The manipulation of the argument services_array leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-42633 | 1 Linksys | 2 E1500, E1500 Firmware | 2024-08-20 | N/A | 8.8 HIGH
A Command Injection vulnerability exists in the do_upgrade_post function of the httpd binary in Linksys E1500 v1.0.06.001. As a result, an authenticated attacker can execute OS commands with root privileges.