Vulnerabilities > Linksys > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-10 | CVE-2024-1406 | Unspecified vulnerability in Linksys Wrt54Gl Firmware 4.30.18 A vulnerability was found in Linksys WRT54GL 4.30.18. low complexity linksys | 4.3 |
| 2024-02-10 | CVE-2024-1405 | Unspecified vulnerability in Linksys Wrt54Gl Firmware 4.30.18 A vulnerability was found in Linksys WRT54GL 4.30.18. low complexity linksys | 4.3 |
| 2022-04-27 | CVE-2022-24372 | Link Following vulnerability in Linksys Mr9600 Firmware Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share. | 4.9 |
| 2020-12-26 | CVE-2020-35714 | Command Injection vulnerability in Linksys Re6500 Firmware Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authenticated users to execute arbitrary commands via goform/systemCommand?command= in conjunction with the goform/pingstart program. | 6.5 |
| 2020-02-12 | CVE-2009-5140 | Improper Restriction of Excessive Authentication Attempts vulnerability in Linksys Spa2102 Firmware The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue. | 4.3 |
| 2019-11-21 | CVE-2019-16340 | Authorization Bypass Through User-Controlled Key vulnerability in Linksys products Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI. | 6.4 |
| 2019-06-17 | CVE-2019-7579 | Improper Authentication vulnerability in Linksys Wrt1900Acs Firmware 1.0.3.187766 An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. | 5.0 |
| 2017-08-06 | CVE-2017-10677 | Cross-Site Request Forgery (CSRF) vulnerability in Linksys Ea4500 Firmware 2.0.36 Cross-Site Request Forgery (CSRF) exists on Linksys EA4500 devices with Firmware Version before 2.1.41.164606, as demonstrated by a request to apply.cgi to disable SIP. | 6.8 |
| 2014-09-29 | CVE-2013-3064 | Open Redirection vulnerability in Linksys Ea6500 and Ea6500 Firmware Open redirect vulnerability in ui/dynamic/unsecured.html in Linksys EA6500 with firmware 1.1.28.147876 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the target parameter. network linksys | 6.8 |
| 2009-11-12 | CVE-2007-5475 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple buffer overflows in the Marvell wireless driver, as used in Linksys WAP4400N Wi-Fi access point with firmware 1.2.17 on the Marvell 88W8361P-BEM1 chipset, and other products, allow remote 802.11-authenticated users to cause a denial of service (wireless access point crash) and possibly execute arbitrary code via an association request with long (1) rates, (2) extended rates, and unspecified other information elements. | 6.8 |