Vulnerabilities > Linksys
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-03-10 | CVE-2008-1265 | Improper Input Validation vulnerability in Linksys Wrt54G The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password to the FTP interface. | 7.8 |
2008-03-10 | CVE-2008-1264 | Improper Authentication vulnerability in Linksys Wrt54G The Linksys WRT54G router has "admin" as its default FTP password, which allows remote attackers to access sensitive files including nvram.cfg, a file that lists all HTML documents, and an ELF executable file. | 7.5 |
2008-03-10 | CVE-2008-1263 | Cryptographic Issues vulnerability in Linksys Wrt54G The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI. | 4.0 |
2008-03-10 | CVE-2008-1247 | Permissions, Privileges, and Access Controls vulnerability in Linksys Wrt54G The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri. | 10.0 |
2008-03-10 | CVE-2008-1243 | Cross-Site Scripting vulnerability in Linksys Wrt300N Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router with firmware 2.00.20, when Mozilla Firefox or Apple Safari is used, allows remote attackers to inject arbitrary web script or HTML via the dyndns_domain parameter to the default URI. | 4.3 |
2008-01-10 | CVE-2008-0228 | Cross-Site Request Forgery (CSRF) vulnerability in Linksys Wrt54Gl 4.30.9 Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators. | 9.3 |
2007-10-12 | CVE-2007-5411 | Cross-Site Scripting vulnerability in Linksys Spa941 Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP Phone with firmware 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the From header in a SIP message. | 4.3 |
2007-07-05 | CVE-2007-3574 | Cross-Site Scripting vulnerability in Linksys Wag54Gs 1.00.06 Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm parameter. | 4.3 |
2007-04-25 | CVE-2007-2270 | Denial of Service vulnerability in Linksys SPA941 377 Character The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request. | 7.8 |
2007-03-21 | CVE-2007-1585 | Information Disclosure vulnerability in Linksys Wag200G and Wrt54Gc The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware 1.00.7, and WRT54GC 1 with firmware 1.03.0 and earlier allow remote attackers to obtain sensitive information (passwords and configuration data) via a packet to UDP port 916. | 5.0 |