Vulnerabilities > Linksys
|2022-04-27||CVE-2022-24372|| Link Following vulnerability in Linksys Mr9600 Firmware |
Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share.
| 4.9 |
|2020-12-26||CVE-2020-35716|| Unspecified vulnerability in Linksys Re6500 Firmware |
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to cause a persistent denial of service (segmentation fault) via a long /goform/langSwitch langSelectionOnly parameter.
| 7.8 |
|2020-12-26||CVE-2020-35715|| OS Command Injection vulnerability in Linksys Re6500 Firmware |
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenticated users to execute arbitrary commands via shell metacharacters in a filename to the upload_settings.cgi page.
| 9.0 |
|2020-12-26||CVE-2020-35714|| Command Injection vulnerability in Linksys Re6500 Firmware |
Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authenticated users to execute arbitrary commands via goform/systemCommand?command= in conjunction with the goform/pingstart program.
| 6.5 |
|2020-12-26||CVE-2020-35713|| OS Command Injection vulnerability in Linksys Re6500 Firmware |
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page.
| 10.0 |
|2020-02-12||CVE-2009-5140|| Improper Restriction of Excessive Authentication Attempts vulnerability in Linksys Spa2102 Firmware |
The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.
| 4.3 |
|2020-02-07||CVE-2013-3067|| Cross-site Scripting vulnerability in Linksys Wrt310N Firmware 18.104.22.168 |
Linksys WRT310Nv2 22.214.171.124 is vulnerable to XSS.
| 3.5 |
|2019-11-21||CVE-2019-16340|| Authorization Bypass Through User-Controlled Key vulnerability in Linksys products |
Belkin Linksys Velop 126.96.36.199419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI.
| 6.4 |
|2019-10-25||CVE-2013-4658|| Path Traversal vulnerability in Linksys Ea6500 Firmware |
Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share.
| 10.0 |
|2019-07-17||CVE-2019-11535|| Command Injection vulnerability in Linksys Re6300 Firmware and Re6400 Firmware |
Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution.
| 10.0 |