Vulnerabilities > Belkin
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-12-31 | CVE-2015-5990 | Cross-Site Request Forgery (CSRF) vulnerability in Belkin N600 DB Wi-Fi Dual-Band N+ Router F9K1102 Firmware 2.10.17 Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users. | 6.8 |
| 2015-12-31 | CVE-2015-5989 | Permissions, Privileges, and Access Controls vulnerability in Belkin N600 DB Wi-Fi Dual-Band N+ Router F9K1102 Firmware 2.10.17 Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values. | 10.0 |
| 2015-12-31 | CVE-2015-5988 | Credentials Management vulnerability in Belkin N600 DB Wi-Fi Dual-Band N+ Router F9K1102 Firmware 2.10.17 The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. | 9.3 |
| 2015-12-31 | CVE-2015-5987 | Unspecified vulnerability in Belkin N600 DB Wi-Fi Dual-Band N+ Router F9K1102 Firmware 2.10.17 Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value. | 5.0 |
| 2015-08-13 | CVE-2015-5536 | Permissions, Privileges, and Access Controls vulnerability in Belkin N300 Dual-Band Wi-Fi Range Extender Firmware 1.0.0 Belkin N300 Dual-Band Wi-Fi Range Extender with firmware before 1.04.10 allows remote authenticated users to execute arbitrary commands via the (1) sub_dir parameter in a formUSBStorage request; pinCode parameter in a (2) formWpsStart or (3) formiNICWpsStart request; (4) wps_enrolee_pin parameter in a formWlanSetupWPS request; or unspecified parameters in a (5) formWlanMP, (6) formBSSetSitesurvey, (7) formHwSet, or (8) formConnectionSetting request. | 9.0 |
| 2014-11-12 | CVE-2014-1635 | Buffer Errors vulnerability in Belkin products Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote attackers to execute arbitrary code via a long string in the jump parameter. | 10.0 |
| 2014-09-29 | CVE-2013-3092 | Improper Authentication vulnerability in Belkin N300 and N300 Firmware The Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication and gain privileges via vectors related to incorrect validation of the HTTP Authorization header. | 8.3 |
| 2014-09-29 | CVE-2013-3089 | Cross-Site Request Forgery (CSRF) vulnerability in Belkin N300 and N300 Firmware Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin N300 (F7D7301v1) router allows remote attackers to hijack the authentication of administrators for requests that modify configuration. | 6.8 |
| 2014-09-29 | CVE-2013-3086 | Cross-Site Request Forgery (CSRF) vulnerability in Belkin N900 and N900 Firmware Cross-site request forgery (CSRF) vulnerability in util_system.html in Belkin N900 router allows remote attackers to hijack the authentication of administrators for requests that change configuration settings including passwords and remote management ports. | 6.8 |
| 2014-09-29 | CVE-2013-3083 | Cross-Site Request Forgery (CSRF) vulnerability in Belkin F5D8236-4 V2 Cross-site request forgery (CSRF) vulnerability in cgi-bin/system_setting.exe in Belkin F5D8236-4 v2 allows remote attackers to hijack the authentication of administrators for requests that open the remote management interface on arbitrary ports via the remote_mgmt_enabled and remote_mgmt_port parameters. | 6.8 |