CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2024-57222
https://notcve.org/view.php?id=CVE-2024-57222
10 Jan 2025 — Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. • https://github.com/yanggao017/vuln/blob/main/Linksys/E7350/CI_5_apcli_cancel_wps/README.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-57223
https://notcve.org/view.php?id=CVE-2024-57223
10 Jan 2025 — Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. • https://github.com/yanggao017/vuln/blob/main/Linksys/E7350/CI_6_apcli_wps_gen_pincode/README.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-57224
https://notcve.org/view.php?id=CVE-2024-57224
10 Jan 2025 — Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. • https://github.com/yanggao017/vuln/blob/main/Linksys/E7350/CI_3_apcli_do_enr_pin_wps/README.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-57225
https://notcve.org/view.php?id=CVE-2024-57225
10 Jan 2025 — Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. • https://github.com/yanggao017/vuln/blob/main/Linksys/E7350/CI_7_reset_wifi/README.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.0EPSS: 4%CPEs: 1EXPL: 0CVE-2024-57226
https://notcve.org/view.php?id=CVE-2024-57226
10 Jan 2025 — Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function. • https://github.com/yanggao017/vuln/blob/main/Linksys/E7350/CI_2_vif_enable/README.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.0EPSS: 4%CPEs: 1EXPL: 0CVE-2024-57227
https://notcve.org/view.php?id=CVE-2024-57227
10 Jan 2025 — Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. • https://github.com/yanggao017/vuln/blob/main/Linksys/E7350/CI_4_apcli_do_enr_pbc_wps/README.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.0EPSS: 4%CPEs: 1EXPL: 0CVE-2024-57228
https://notcve.org/view.php?id=CVE-2024-57228
10 Jan 2025 — Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. • https://github.com/yanggao017/vuln/blob/main/Linksys/E7350/CI_1_vif_disable/README.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-8408 – Linksys WRT54G POST Parameter apply.cgi validate_services_port stack-based overflow
https://notcve.org/view.php?id=CVE-2024-8408
04 Sep 2024 — A vulnerability was found in Linksys WRT54G 4.21.5. It has been rated as critical. Affected by this issue is the function validate_services_port of the file /apply.cgi of the component POST Parameter Handler. The manipulation of the argument services_array leads to stack-based buffer overflow. The attack may be launched remotely. • https://github.com/BuaaIOTTeam/Iot_Linksys/blob/main/Linksys_WRT54G_validate_services_port.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 6%CPEs: 1EXPL: 0CVE-2024-42633
https://notcve.org/view.php?id=CVE-2024-42633
19 Aug 2024 — A Command Injection vulnerability exists in the do_upgrade_post function of the httpd binary in Linksys E1500 v1.0.06.001. As a result, an authenticated attacker can execute OS commands with root privileges. • https://github.com/goldds96/Report/blob/main/Linksys/E1500/CI.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40495
https://notcve.org/view.php?id=CVE-2024-40495
24 Jul 2024 — A vulnerability was discovered in Linksys Router E2500 with firmware 2.0.00, allows authenticated attackers to execute arbitrary code via the hnd_parentalctrl_unblock function. • http://e2500.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •