Skip to main content

Linksys

140 CVEs vendor

Monthly

CVE-2024-57224 CRITICAL POC Act Now

Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E7350 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2024-57223 CRITICAL POC Act Now

Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E7350 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2024-57222 MEDIUM POC This Month

Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E7350 Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
0.9%
CVE-2024-48286 HIGH POC THREAT This Week

Linksys E3000 1.0.06.002_US is vulnerable to command injection via the diag_ping_start function. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E3000 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
12.4%
CVE-2024-8408 MEDIUM POC This Month

A vulnerability was found in Linksys WRT54G 4.21.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Linksys Wrt54G Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-42633 HIGH POC This Week

A Command Injection vulnerability exists in the do_upgrade_post function of the httpd binary in Linksys E1500 v1.0.06.001. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E1500 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2024-40495 HIGH POC This Week

A vulnerability was discovered in Linksys Router E2500 with firmware 2.0.00, allows authenticated attackers to execute arbitrary code via the hnd_parentalctrl_unblock function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Linksys RCE E2500 Firmware
NVD GitHub VulDB
CVSS 3.1
8.0
EPSS
0.9%
CVE-2024-41281 HIGH This Week

Linksys WRT54G v4.21.5 has a stack overflow vulnerability in get_merge_mac function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Linksys Wrt54G Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-40750 MEDIUM This Month

Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi passwords over the public Internet during app-based installation. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Linksys Information Disclosure Mx6200 Firmware Mbe7000 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-36821 MEDIUM POC This Month

Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate privileges from Guest to root. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Linksys Velop Whw0101 Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
2.9%
CVE-2024-33788 HIGH POC This Week

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E5600 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.9%
CVE-2024-33789 CRITICAL POC Act Now

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl parameter at /API/info form endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E5600 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2024-25852 HIGH POC THREAT This Week

Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Linksys Re7000 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
16.5%
CVE-2024-28283 MEDIUM POC This Month

There is stack-based buffer overflow vulnerability in pc_change_act function in Linksys E1000 router firmware version v.2.1.03 and before, leading to remote code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Linksys RCE E1000 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2024-27497 HIGH POC THREAT This Week

Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Linksys E2000 Firmware
NVD
CVSS 3.1
8.8
EPSS
26.5%
CVE-2024-22544 HIGH POC This Week

An issue was discovered in Linksys Router E1700 version 1.0.04 (build 3), allows authenticated attackers to execute arbitrary code via the setDateTime function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection RCE E1700 Firmware
NVD
CVSS 3.1
8.0
EPSS
9.3%
CVE-2024-22543 MEDIUM POC This Month

An issue was discovered in Linksys Router E1700 1.0.04 (build 3), allows authenticated attackers to escalate privileges via a crafted GET request to the /goform/* URI or via the ExportSettings. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Linksys E1700 Firmware
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2024-1406 MEDIUM POC This Month

A vulnerability was found in Linksys WRT54GL 4.30.18. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Information Disclosure Wrt54Gl Firmware
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-1405 MEDIUM This Month

A vulnerability was found in Linksys WRT54GL 4.30.18. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Linksys Information Disclosure Wrt54Gl Firmware
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-1404 HIGH This Week

A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linksys Information Disclosure Wrt54Gl Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-31741 HIGH POC This Week

There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys E2000 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
2.7%
CVE-2023-31740 HIGH POC This Week

There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys E2000 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
2.7%
CVE-2023-31742 HIGH POC THREAT Act Now

There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.6%.

Command Injection Linksys Wrt54Gl Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
10.6%
CVE-2022-35572 HIGH POC This Week

On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lower, (and potentially other vendors/devices due to code reuse), the /SysInfo.htm URI does not require a session ID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Linksys E5350 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-38555 CRITICAL POC THREAT Emergency

Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.2%.

Memory Corruption Buffer Overflow Linksys E1200 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
12.2%
CVE-2022-38132 HIGH This Week

Command injection vulnerability in Linksys MR8300 router while Registration to DDNS Service. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Linksys Command Injection Mr8300 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-24372 MEDIUM POC This Month

Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Information Disclosure Mr9600 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.5%
CVE-2021-25310 HIGH POC This Week

The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection Linksys Wrt160Nl Firmware
NVD
CVSS 3.1
8.8
EPSS
4.6%
CVE-2020-35716 HIGH POC This Week

Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to cause a persistent denial of service (segmentation fault) via a long /goform/langSwitch langSelectionOnly parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Linksys Re6500 Firmware
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2020-35715 HIGH POC This Week

Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenticated users to execute arbitrary commands via shell metacharacters in a filename to the upload_settings.cgi page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys Re6500 Firmware
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2020-35714 HIGH POC This Week

Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authenticated users to execute arbitrary commands via goform/systemCommand?command= in conjunction with the goform/pingstart program. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys Re6500 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-35713 CRITICAL POC THREAT Act Now

Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys Re6500 Firmware
NVD
CVSS 3.1
9.8
EPSS
32.7%
CVE-2020-26561 HIGH POC THREAT This Week

Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Linksys Linksys Wrt 160Nl Firmware
NVD
CVSS 3.1
8.8
EPSS
12.2%
CVE-2019-16340 CRITICAL POC PATCH THREAT Act Now

Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Linksys Information Disclosure Velop Whw0303 Firmware Velop Whw0302 Firmware Velop Whw0301 Firmware
NVD
CVSS 3.1
9.8
EPSS
19.3%
CVE-2019-11535 CRITICAL Act Now

Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linksys Command Injection Re6400 Firmware Re6300 Firmware
NVD
CVSS 3.0
9.8
EPSS
5.1%
CVE-2019-7579 HIGH POC This Week

An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Linksys Wrt1900Acs Firmware
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2019-7311 HIGH This Week

An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Linksys Information Disclosure Wrt1900Acs Firmware
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-3955 HIGH POC This Week

An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E1200 Firmware E2500 Firmware
NVD
CVSS 3.1
7.2
EPSS
4.8%
CVE-2018-3954 HIGH POC This Week

Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E1200 Firmware E2500 Firmware
NVD
CVSS 3.1
7.2
EPSS
3.4%
CVE-2018-3953 HIGH POC THREAT Act Now

Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E1200 Firmware E2500 Firmware
NVD
CVSS 3.1
7.2
EPSS
13.3%
CVE-2018-17208 HIGH POC This Week

Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linksys CSRF Command Injection Velop Firmware
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2017-17411 CRITICAL POC THREAT Emergency

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 92.2%.

Linksys Command Injection RCE Wvbr0 Firmware
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
92.2%
Threat
6.2
CVE-2017-10677 HIGH POC This Week

Cross-Site Request Forgery (CSRF) exists on Linksys EA4500 devices with Firmware Version before 2.1.41.164606, as demonstrated by a request to apply.cgi to disable SIP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Linksys Ea4500 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2014-8244 HIGH POC This Week

Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Information Disclosure Ea3500 Firmware Ea3500 Ea6700 Firmware +17
NVD
CVSS 2.0
7.5
EPSS
9.2%
CVE-2014-8243 LOW POC Monitor

Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300,. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linksys Information Disclosure Ea4500 Firmware Ea4500 Ea6500 Firmware +17
NVD
CVSS 2.0
3.3
EPSS
0.2%
CVE-2013-3068 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Linksys Linksys Wrt310N Router Firmware Linksys Wrt350N
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-3066 HIGH POC This Week

Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict access, which allows remote attackers to obtain sensitive information (clients and router configuration) via a request to /JNAP/. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Linksys Ea6500 Firmware Ea6500
NVD
CVSS 2.0
7.1
EPSS
0.2%
CVE-2013-3065 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Linksys Ea6500 Firmware Ea6500
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-3064 MEDIUM POC This Month

Open redirect vulnerability in ui/dynamic/unsecured.html in Linksys EA6500 with firmware 1.1.28.147876 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Open Redirect Linksys Ea6500 Firmware Ea6500
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2012-0284 CRITICAL POC THREAT Emergency

Stack-based buffer overflow in the SetSource method in the Cisco Linksys PlayerPT ActiveX control 1.0.0.15 in PlayerPT.ocx on the Cisco WVC200 Wireless-G PTZ Internet video camera allows remote. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 73.2%.

Buffer Overflow RCE Linksys Cisco Linksys Playerpt Activex Control
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
73.2%
Threat
5.6
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E7350 Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E7350 Firmware
NVD GitHub
EPSS 1% CVSS 6.3
MEDIUM POC This Month

Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E7350 Firmware
NVD GitHub
EPSS 12% CVSS 8.0
HIGH POC THREAT This Week

Linksys E3000 1.0.06.002_US is vulnerable to command injection via the diag_ping_start function. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E3000 Firmware
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in Linksys WRT54G 4.21.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Linksys +1
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A Command Injection vulnerability exists in the do_upgrade_post function of the httpd binary in Linksys E1500 v1.0.06.001. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E1500 Firmware
NVD GitHub
EPSS 1% CVSS 8.0
HIGH POC This Week

A vulnerability was discovered in Linksys Router E2500 with firmware 2.0.00, allows authenticated attackers to execute arbitrary code via the hnd_parentalctrl_unblock function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Linksys RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Linksys WRT54G v4.21.5 has a stack overflow vulnerability in get_merge_mac function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Linksys +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi passwords over the public Internet during app-based installation. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Linksys Information Disclosure Mx6200 Firmware +1
NVD
EPSS 3% CVSS 6.8
MEDIUM POC This Month

Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate privileges from Guest to root. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Linksys Velop Whw0101 Firmware
NVD GitHub
EPSS 2% CVSS 8.0
HIGH POC This Week

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E5600 Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl parameter at /API/info form endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E5600 Firmware
NVD GitHub
EPSS 17% CVSS 8.8
HIGH POC THREAT This Week

Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Linksys Re7000 Firmware
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM POC This Month

There is stack-based buffer overflow vulnerability in pc_change_act function in Linksys E1000 router firmware version v.2.1.03 and before, leading to remote code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Linksys +2
NVD
EPSS 26% CVSS 8.8
HIGH POC THREAT This Week

Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Linksys E2000 Firmware
NVD
EPSS 9% CVSS 8.0
HIGH POC This Week

An issue was discovered in Linksys Router E1700 version 1.0.04 (build 3), allows authenticated attackers to execute arbitrary code via the setDateTime function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection RCE +1
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Linksys Router E1700 1.0.04 (build 3), allows authenticated attackers to escalate privileges via a crafted GET request to the /goform/* URI or via the ExportSettings. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Linksys E1700 Firmware
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

A vulnerability was found in Linksys WRT54GL 4.30.18. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Information Disclosure Wrt54Gl Firmware
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

A vulnerability was found in Linksys WRT54GL 4.30.18. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Linksys Information Disclosure Wrt54Gl Firmware
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linksys Information Disclosure Wrt54Gl Firmware
NVD GitHub VulDB
EPSS 3% CVSS 7.2
HIGH POC This Week

There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys E2000 Firmware
NVD GitHub VulDB
EPSS 3% CVSS 7.2
HIGH POC This Week

There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys E2000 Firmware
NVD GitHub VulDB
EPSS 11% CVSS 7.2
HIGH POC THREAT Act Now

There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.6%.

Command Injection Linksys Wrt54Gl Firmware
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH POC This Week

On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lower, (and potentially other vendors/devices due to code reuse), the /SysInfo.htm URI does not require a session ID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Linksys E5350 Firmware
NVD
EPSS 12% CVSS 9.8
CRITICAL POC THREAT Emergency

Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.2%.

Memory Corruption Buffer Overflow Linksys +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

Command injection vulnerability in Linksys MR8300 router while Registration to DDNS Service. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Linksys Command Injection Mr8300 Firmware
NVD
EPSS 0% CVSS 4.6
MEDIUM POC This Month

Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Information Disclosure Mr9600 Firmware
NVD
EPSS 5% CVSS 8.8
HIGH POC This Week

The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection Linksys Wrt160Nl Firmware
NVD
EPSS 4% CVSS 7.5
HIGH POC This Week

Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to cause a persistent denial of service (segmentation fault) via a long /goform/langSwitch langSelectionOnly parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Linksys Re6500 Firmware
NVD
EPSS 4% CVSS 8.8
HIGH POC This Week

Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenticated users to execute arbitrary commands via shell metacharacters in a filename to the upload_settings.cgi page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys Re6500 Firmware
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authenticated users to execute arbitrary commands via goform/systemCommand?command= in conjunction with the goform/pingstart program. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys Re6500 Firmware
NVD
EPSS 33% CVSS 9.8
CRITICAL POC THREAT Act Now

Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys Re6500 Firmware
NVD
EPSS 12% CVSS 8.8
HIGH POC THREAT This Week

Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption +2
NVD
EPSS 19% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Linksys Information Disclosure Velop Whw0303 Firmware +2
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linksys Command Injection Re6400 Firmware +1
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Linksys Wrt1900Acs Firmware
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Linksys Information Disclosure Wrt1900Acs Firmware
NVD
EPSS 5% CVSS 7.2
HIGH POC This Week

An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E1200 Firmware +1
NVD
EPSS 3% CVSS 7.2
HIGH POC This Week

Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E1200 Firmware +1
NVD
EPSS 13% CVSS 7.2
HIGH POC THREAT Act Now

Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E1200 Firmware +1
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linksys CSRF Command Injection +1
NVD
EPSS 92% 6.2 CVSS 9.8
CRITICAL POC THREAT Emergency

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 92.2%.

Linksys Command Injection RCE +1
NVD GitHub Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

Cross-Site Request Forgery (CSRF) exists on Linksys EA4500 devices with Firmware Version before 2.1.41.164606, as demonstrated by a request to apply.cgi to disable SIP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Linksys Ea4500 Firmware
NVD
EPSS 9% CVSS 7.5
HIGH POC This Week

Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Information Disclosure Ea3500 Firmware +19
NVD
EPSS 0% CVSS 3.3
LOW POC Monitor

Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300,. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linksys Information Disclosure Ea4500 Firmware +19
NVD
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Linksys Linksys Wrt310N Router Firmware +1
NVD
EPSS 0% CVSS 7.1
HIGH POC This Week

Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict access, which allows remote attackers to obtain sensitive information (clients and router configuration) via a request to /JNAP/. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Linksys Ea6500 Firmware +1
NVD
EPSS 0% CVSS 3.5
LOW POC Monitor

Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Linksys Ea6500 Firmware +1
NVD
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Open redirect vulnerability in ui/dynamic/unsecured.html in Linksys EA6500 with firmware 1.1.28.147876 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Open Redirect Linksys Ea6500 Firmware +1
NVD
EPSS 73% 5.6 CVSS 9.3
CRITICAL POC THREAT Emergency

Stack-based buffer overflow in the SetSource method in the Cisco Linksys PlayerPT ActiveX control 1.0.0.15 in PlayerPT.ocx on the Cisco WVC200 Wireless-G PTZ Internet video camera allows remote. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 73.2%.

Buffer Overflow RCE Linksys +2
NVD Exploit-DB
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy