Filtered by vendor Linksys
Subscribe
Total
128 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2371 | 1 Linksys | 1 Wet11 | 2025-04-03 | 7.8 HIGH | N/A |
| Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to cause a denial of service (crash) via a packet containing the device's hardware address as the source MAC address in the DLC header. | |||||
| CVE-2005-1059 | 1 Linksys | 1 Wet11 | 2025-04-03 | 2.1 LOW | N/A |
| Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html. | |||||
| CVE-2002-0109 | 1 Linksys | 3 Befn2ps4, Befsr41, Befsr81 | 2025-04-03 | 6.4 MEDIUM | N/A |
| Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly other products, allow remote attackers to gain sensitive information and cause a denial of service via an SNMP query for the default community string "public," which causes the router to change its configuration and send SNMP trap information back to the system that initiated the query. | |||||
| CVE-2005-2912 | 1 Linksys | 1 Wrt54g | 2025-04-03 | 5.0 MEDIUM | N/A |
| Linksys WRT54G router allows remote attackers to cause a denial of service (CPU consumption and server hang) via an HTTP POST request with a negative Content-Length value. | |||||
| CVE-2004-0312 | 1 Linksys | 1 Wap55ag | 2025-04-03 | 6.4 MEDIUM | N/A |
| Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP read only community string to gain access to read/write communtiy strings via a query for OID 1.3.6.1.4.1.3955.2.1.13.1.2. | |||||
| CVE-2001-0888 | 3 Atmel, Linksys, Netgear | 3 Firmware, Wap11, Me102 | 2025-04-03 | 5.0 MEDIUM | N/A |
| Atmel Firmware 1.3 Wireless Access Point (WAP) allows remote attackers to cause a denial of service via a SNMP request with (1) a community string other than "public" or (2) an unknown OID, which causes the WAP to deny subsequent SNMP requests. | |||||
| CVE-2003-1497 | 1 Linksys | 1 Befsx41 | 2025-04-03 | 6.3 MEDIUM | N/A |
| Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 allows remote attackers to cause a denial of service via an HTTP request with a long Log_Page_Num variable. | |||||
| CVE-2005-2914 | 1 Linksys | 1 Wrt54g | 2025-04-03 | 7.5 HIGH | N/A |
| ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, does not use an authentication initialization function, which allows remote attackers to obtain encrypted configuration information and, if the key is known, modify the configuration. | |||||
| CVE-2002-1865 | 2 D-link, Linksys | 4 Di-804, Dl-704, Befw11s4 and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in the Embedded HTTP server, as used in (1) D-Link DI-804 4.68, Dl-704 V2.56b6, and Dl-704 V2.56b5 and (2) Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.2 through 1.42.7 and Linksys WAP11 1.3 and 1.4, allows remote attackers to cause a denial of service (crash) via a long header, as demonstrated using the Host header. | |||||
| CVE-2002-2137 | 5 Alloy, D-link, Eusso and 2 more | 5 Gl-2422ap-s, Dwl-900ap\+, Gl2422 Ap and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and possibly OEM products such as (2) D-Link DWL-900AP+ B1 2.1 and 2.2, (3) ALLOY GL-2422AP-S, (4) EUSSO GL2422-AP, and (5) LINKSYS WAP11-V2.2, allow remote attackers to obtain sensitive information like WEP keys, the administrator password, and the MAC filter via a "getsearch" request to UDP port 27155. | |||||
| CVE-2025-29226 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-04-01 | N/A | 6.3 MEDIUM |
| In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["count"] parameter. | |||||
| CVE-2025-29227 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-04-01 | N/A | 6.3 MEDIUM |
| In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["pkgsize"] parameter. | |||||
| CVE-2025-29230 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-04-01 | N/A | 8.6 HIGH |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.emailReg function. The vulnerability can be triggered via the `pt["email"]` parameter. | |||||
| CVE-2025-29223 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-04-01 | N/A | 6.3 MEDIUM |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the pt parameter in the traceRoute function. | |||||
| CVE-2022-38841 | 1 Linksys | 2 E8450, E8450 Firmware | 2025-02-06 | N/A | 8.8 HIGH |
| Linksys AX3200 1.1.00 is vulnerable to OS command injection by authenticated users via shell metacharacters to the diagnostics traceroute page. | |||||
| CVE-2023-31742 | 1 Linksys | 2 Wrt54gl, Wrt54gl Firmware | 2025-01-28 | N/A | 7.2 HIGH |
| There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges. | |||||
| CVE-2023-31741 | 1 Linksys | 2 E2000, E2000 Firmware | 2025-01-21 | N/A | 7.2 HIGH |
| There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges. | |||||
| CVE-2023-31740 | 1 Linksys | 2 E2000, E2000 Firmware | 2025-01-21 | N/A | 7.2 HIGH |
| There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters WL_atten_bb, WL_atten_radio, and WL_atten_ctl in the apply.cgi interface, thereby gaining shell privileges. | |||||
| CVE-2024-36821 | 1 Linksys | 2 Velop Whw0101, Velop Whw0101 Firmware | 2024-11-21 | N/A | 6.8 MEDIUM |
| Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate privileges from Guest to root. | |||||
| CVE-2024-1406 | 1 Linksys | 2 Wrt54gl, Wrt54gl Firmware | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability was found in Linksys WRT54GL 4.30.18. It has been declared as problematic. This vulnerability affects unknown code of the file /SysInfo1.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253330 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||