Vulnerabilities > Linksys > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-11-12 | CVE-2007-5475 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple buffer overflows in the Marvell wireless driver, as used in Linksys WAP4400N Wi-Fi access point with firmware 1.2.17 on the Marvell 88W8361P-BEM1 chipset, and other products, allow remote 802.11-authenticated users to cause a denial of service (wireless access point crash) and possibly execute arbitrary code via an association request with long (1) rates, (2) extended rates, and unspecified other information elements. | 6.8 |
2008-09-05 | CVE-2007-5474 | Improper Input Validation vulnerability in multiple products The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via an Atheros information element with an invalid length, as demonstrated by an element that is too long. | 6.3 |
2008-03-13 | CVE-2007-6708 | Cross-Site Request Forgery (CSRF) vulnerability in Linksys Wag54Gs 1.00.06 Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi. | 4.3 |
2008-03-13 | CVE-2007-6707 | Cross-Site Scripting vulnerability in Linksys Wag54Gs 1.00.06 Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-3574. | 4.3 |
2008-03-10 | CVE-2008-1263 | Cryptographic Issues vulnerability in Linksys Wrt54G The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI. | 4.0 |
2008-03-10 | CVE-2008-1243 | Cross-Site Scripting vulnerability in Linksys Wrt300N Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router with firmware 2.00.20, when Mozilla Firefox or Apple Safari is used, allows remote attackers to inject arbitrary web script or HTML via the dyndns_domain parameter to the default URI. | 4.3 |
2007-10-12 | CVE-2007-5411 | Cross-Site Scripting vulnerability in Linksys Spa941 Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP Phone with firmware 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the From header in a SIP message. | 4.3 |
2007-07-05 | CVE-2007-3574 | Cross-Site Scripting vulnerability in Linksys Wag54Gs 1.00.06 Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm parameter. | 4.3 |
2007-03-21 | CVE-2007-1585 | Information Disclosure vulnerability in Linksys Wag200G and Wrt54Gc The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware 1.00.7, and WRT54GC 1 with firmware 1.03.0 and earlier allow remote attackers to obtain sensitive information (passwords and configuration data) via a packet to UDP port 916. | 5.0 |
2006-10-10 | CVE-2006-5202 | Authentication Bypass vulnerability in Linksys Wrt54G 1.00.9 Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout parameters, a different issue than CVE-2006-2559. | 5.0 |