Vulnerabilities > Linksys
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-09 | CVE-2022-43973 | OS Command Injection vulnerability in Linksys Wrt54Gl Firmware An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. | 7.2 |
2022-09-12 | CVE-2022-35572 | Missing Authentication for Critical Function vulnerability in Linksys E5350 Firmware 1.0.00.037 On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lower, (and potentially other vendors/devices due to code reuse), the /SysInfo.htm URI does not require a session ID. | 7.5 |
2022-04-27 | CVE-2022-24372 | Link Following vulnerability in Linksys Mr9600 Firmware Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share. | 4.9 |
2020-12-26 | CVE-2020-35716 | Unspecified vulnerability in Linksys Re6500 Firmware Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to cause a persistent denial of service (segmentation fault) via a long /goform/langSwitch langSelectionOnly parameter. | 7.8 |
2020-12-26 | CVE-2020-35715 | OS Command Injection vulnerability in Linksys Re6500 Firmware Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenticated users to execute arbitrary commands via shell metacharacters in a filename to the upload_settings.cgi page. | 9.0 |
2020-12-26 | CVE-2020-35714 | Command Injection vulnerability in Linksys Re6500 Firmware Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authenticated users to execute arbitrary commands via goform/systemCommand?command= in conjunction with the goform/pingstart program. | 6.5 |
2020-12-26 | CVE-2020-35713 | OS Command Injection vulnerability in Linksys Re6500 Firmware Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. | 10.0 |
2020-02-12 | CVE-2009-5140 | Improper Restriction of Excessive Authentication Attempts vulnerability in Linksys Spa2102 Firmware The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue. | 4.3 |
2020-02-07 | CVE-2013-3067 | Cross-site Scripting vulnerability in Linksys Wrt310N Firmware 2.0.0.1 Linksys WRT310Nv2 2.0.0.1 is vulnerable to XSS. | 3.5 |
2019-11-21 | CVE-2019-16340 | Authorization Bypass Through User-Controlled Key vulnerability in Linksys products Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI. | 6.4 |