CVE-2024-8408 – Linksys WRT54G POST Parameter apply.cgi validate_services_port stack-based overflow
https://notcve.org/view.php?id=CVE-2024-8408
A vulnerability was found in Linksys WRT54G 4.21.5. It has been rated as critical. Affected by this issue is the function validate_services_port of the file /apply.cgi of the component POST Parameter Handler. The manipulation of the argument services_array leads to stack-based buffer overflow. The attack may be launched remotely. • https://github.com/BuaaIOTTeam/Iot_Linksys/blob/main/Linksys_WRT54G_validate_services_port.md https://vuldb.com/?ctiid.276488 https://vuldb.com/?id.276488 https://vuldb.com/?submit.398567 https://www.linksys.com • CWE-121: Stack-based Buffer Overflow •
CVE-2024-1406 – Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure
https://notcve.org/view.php?id=CVE-2024-1406
A vulnerability was found in Linksys WRT54GL 4.30.18. It has been declared as problematic. This vulnerability affects unknown code of the file /SysInfo1.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. • https://github.com/leetsun/Hints/tree/main/linksys-wrt54gl/3 https://vuldb.com/?ctiid.253330 https://vuldb.com/?id.253330 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-1405 – Linksys WRT54GL Web Management Interface wlaninfo.htm information disclosure
https://notcve.org/view.php?id=CVE-2024-1405
A vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. • https://github.com/leetsun/Hints/tree/main/linksys-wrt54gl/2 https://vuldb.com/?ctiid.253329 https://vuldb.com/?id.253329 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-1404 – Linksys WRT54GL Web Management Interface SysInfo.htm information disclosure
https://notcve.org/view.php?id=CVE-2024-1404
A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as problematic. Affected by this issue is some unknown functionality of the file /SysInfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253328. • https://github.com/leetsun/Hints/tree/main/linksys-wrt54gl/1 https://vuldb.com/?ctiid.253328 https://vuldb.com/?id.253328 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-31740
https://notcve.org/view.php?id=CVE-2023-31740
There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters WL_atten_bb, WL_atten_radio, and WL_atten_ctl in the apply.cgi interface, thereby gaining shell privileges. • http://linksys.com https://github.com/D2y6p/CVE/blob/main/Linksys/CVE-2023-31740/Linksys_E2000_RCE.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •