CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2024-1406 – Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure
https://notcve.org/view.php?id=CVE-2024-1406
A vulnerability was found in Linksys WRT54GL 4.30.18. It has been declared as problematic. This vulnerability affects unknown code of the file /SysInfo1.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. • https://github.com/leetsun/Hints/tree/main/linksys-wrt54gl/3 https://vuldb.com/?ctiid.253330 https://vuldb.com/?id.253330 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2024-1405 – Linksys WRT54GL Web Management Interface wlaninfo.htm information disclosure
https://notcve.org/view.php?id=CVE-2024-1405
A vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. • https://github.com/leetsun/Hints/tree/main/linksys-wrt54gl/2 https://vuldb.com/?ctiid.253329 https://vuldb.com/?id.253329 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2024-1404 – Linksys WRT54GL Web Management Interface SysInfo.htm information disclosure
https://notcve.org/view.php?id=CVE-2024-1404
A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as problematic. Affected by this issue is some unknown functionality of the file /SysInfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253328. • https://github.com/leetsun/Hints/tree/main/linksys-wrt54gl/1 https://vuldb.com/?ctiid.253328 https://vuldb.com/?id.253328 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 1%CPEs: 2EXPL: 1CVE-2023-31742
https://notcve.org/view.php?id=CVE-2023-31742
There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges. • http://linksys.com https://github.com/D2y6p/CVE/blob/main/Linksys/CVE-2023-31742/Linksys_WRT54GL_RCE.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2022-43972 – Null pointer dereference in Linksys WRT54GL
https://notcve.org/view.php?id=CVE-2022-43972
A null pointer dereference vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A null pointer dereference in the soap_action function within the upnp binary can be triggered by an unauthenticated attacker via a malicious POST request invoking the AddPortMapping action. Existe una vulnerabilidad de desreferencia de puntero nulo en el router Linksys WRT54GL Wireless-G Broadband con firmware <= 4.30.18.006. Un atacante no autenticado puede desencadenar una desreferencia de puntero nulo en la función SOAP_action dentro del binario upnp a través de una solicitud POST maliciosa que invoca la acción AddPortMapping. • https://youtu.be/73-1lhvJPNg https://youtu.be/RfWVYCUBNZ0 https://youtu.be/TeWAmZaKQ_w • CWE-476: NULL Pointer Dereference •