Vulnerabilities > Linksys

DATE CVE VULNERABILITY TITLE RISK
2023-01-09 CVE-2022-43973 OS Command Injection vulnerability in Linksys Wrt54Gl Firmware
An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006.
network
low complexity
linksys CWE-78
7.2
2022-09-12 CVE-2022-35572 Missing Authentication for Critical Function vulnerability in Linksys E5350 Firmware 1.0.00.037
On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lower, (and potentially other vendors/devices due to code reuse), the /SysInfo.htm URI does not require a session ID.
network
low complexity
linksys CWE-306
7.5
2022-04-27 CVE-2022-24372 Link Following vulnerability in Linksys Mr9600 Firmware
Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share.
local
low complexity
linksys CWE-59
4.9
2020-12-26 CVE-2020-35716 Unspecified vulnerability in Linksys Re6500 Firmware
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to cause a persistent denial of service (segmentation fault) via a long /goform/langSwitch langSelectionOnly parameter.
network
low complexity
linksys
7.8
2020-12-26 CVE-2020-35715 OS Command Injection vulnerability in Linksys Re6500 Firmware
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenticated users to execute arbitrary commands via shell metacharacters in a filename to the upload_settings.cgi page.
network
low complexity
linksys CWE-78
critical
9.0
2020-12-26 CVE-2020-35714 Command Injection vulnerability in Linksys Re6500 Firmware
Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authenticated users to execute arbitrary commands via goform/systemCommand?command= in conjunction with the goform/pingstart program.
network
low complexity
linksys CWE-77
6.5
2020-12-26 CVE-2020-35713 OS Command Injection vulnerability in Linksys Re6500 Firmware
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page.
network
low complexity
linksys CWE-78
critical
10.0
2020-02-12 CVE-2009-5140 Improper Restriction of Excessive Authentication Attempts vulnerability in Linksys Spa2102 Firmware
The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.
network
linksys CWE-307
4.3
2020-02-07 CVE-2013-3067 Cross-site Scripting vulnerability in Linksys Wrt310N Firmware 2.0.0.1
Linksys WRT310Nv2 2.0.0.1 is vulnerable to XSS.
network
linksys CWE-79
3.5
2019-11-21 CVE-2019-16340 Authorization Bypass Through User-Controlled Key vulnerability in Linksys products
Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI.
network
low complexity
linksys CWE-639
6.4