Vulnerabilities > Linksys
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-17 | CVE-2018-3955 | OS Command Injection vulnerability in Linksys E1200 Firmware and E2500 Firmware An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). | 7.2 |
| 2018-10-17 | CVE-2018-3954 | OS Command Injection vulnerability in Linksys E1200 Firmware and E2500 Firmware Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAMData entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as the value to the 'machine_name' POST parameter. | 7.2 |
| 2018-10-17 | CVE-2018-3953 | OS Command Injection vulnerability in Linksys E1200 Firmware and E2500 Firmware Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. | 7.2 |
| 2018-09-19 | CVE-2018-17208 | OS Command Injection vulnerability in Linksys Velop Firmware 1.1.2.187020 Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface). | 8.8 |
| 2017-12-21 | CVE-2017-17411 | OS Command Injection vulnerability in Linksys Wvbr0 Firmware This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. | 9.8 |
| 2017-08-06 | CVE-2017-10677 | Cross-Site Request Forgery (CSRF) vulnerability in Linksys Ea4500 Firmware 2.0.36 Cross-Site Request Forgery (CSRF) exists on Linksys EA4500 devices with Firmware Version before 2.1.41.164606, as demonstrated by a request to apply.cgi to disable SIP. | 8.8 |
| 2010-06-10 | CVE-2010-1573 | Use of Hard-coded Credentials vulnerability in Linksys Wap54G Firmware Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi. | 9.8 |