
CVE-2024-41281
https://notcve.org/view.php?id=CVE-2024-41281
19 Jul 2024 — Linksys WRT54G v4.21.5 has a stack overflow vulnerability in the get_merge_mac function. • https://github.com/BuaaIOTTeam/Iot_Linksys/blob/main/Linksys_WRT54G_get_merge_mac.md • CWE-121: Stack-based Buffer Overflow •

CVE-2024-36821
https://notcve.org/view.php?id=CVE-2024-36821
11 Jun 2024 — Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allow attackers to escalate privileges from Guest to root via a directory traversal. • https://github.com/IvanGlinkin/CVE-2024-36821 • CWE-379: Creation of Temporary File in Directory with Insecure Permissions •

CVE-2023-46012
https://notcve.org/view.php?id=CVE-2023-46012
07 May 2024 — A buffer overflow vulnerability in LINKSYS EA7500 3.0.1.207964 allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP. • https://github.com/dest-3/CVE-2023-46012 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2024-33788
https://notcve.org/view.php?id=CVE-2024-33788
06 May 2024 — Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at the /API/info form endpoint. • https://github.com/ymkyu/CVE/tree/main/CVE-2024-33788 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2024-33789
https://notcve.org/view.php?id=CVE-2024-33789
03 May 2024 — Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl parameter at the /API/info form endpoint. • https://github.com/ymkyu/CVE/tree/main/CVE-2024-33789 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2024-25852
https://notcve.org/view.php?id=CVE-2024-25852
11 Apr 2024 — Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. An attacker can use the vulnerability to obtain device administrator rights. • https://github.com/ZackSecurity/VulnerReport/blob/cve/Linksys/1.md • CWE-284: Improper Access Control •

CVE-2024-28283
https://notcve.org/view.php?id=CVE-2024-28283
19 Mar 2024 — There is a stack-based buffer overflow vulnerability in the pc_change_act function in Linksys E1000 router firmware version v.2.1.03 and before, leading to remote code execution. • https://d05004.notion.site/Linksys-E1000-BOF-37b98eec45ea4fc991b9b5bea3db091d?pvs=4 • CWE-121: Stack-based Buffer Overflow •

CVE-2024-27497
https://notcve.org/view.php?id=CVE-2024-27497
01 Mar 2024 — Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file. • https://warp-desk-89d.notion.site/Linksys-E-2000-efcd532d8dcf4710a4af13fca131a5b8 • CWE-284: Improper Access Control •

CVE-2024-22543
https://notcve.org/view.php?id=CVE-2024-22543
27 Feb 2024 — An issue discovered in Linksys Router E1700 1.0.04 (build 3) allows authenticated attackers to escalate privileges via a crafted GET request to the /goform/* URI or via the ExportSettings function. • https://mat4mee.notion.site/Leaked-SessionID-can-lead-to-authentication-bypass-on-the-Linksys-Router-E1700-f56f9c4b15e7443fa237bd1b101a18d2 • CWE-613: Insufficient Session Expiration •

CVE-2024-22544
https://notcve.org/view.php?id=CVE-2024-22544
27 Feb 2024 — An issue discovered in Linksys Router E1700 version 1.0.04 (build 3) allows authenticated attackers to execute arbitrary code via the setDateTime function. • https://mat4mee.notion.site/Remote-Code-Execution-RCE-on-the-Linksys-Router-E1700-765c9bbf6a7f4171b670bc778bf9b005 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •