CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2024-1406 – Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure
https://notcve.org/view.php?id=CVE-2024-1406
10 Feb 2024 — A vulnerability was found in Linksys WRT54GL 4.30.18. It has been declared as problematic. This vulnerability affects unknown code of the file /SysInfo1.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. • https://github.com/leetsun/Hints/tree/main/linksys-wrt54gl/3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2024-1405 – Linksys WRT54GL Web Management Interface wlaninfo.htm information disclosure
https://notcve.org/view.php?id=CVE-2024-1405
10 Feb 2024 — A vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. • https://github.com/leetsun/Hints/tree/main/linksys-wrt54gl/2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2024-1404 – Linksys WRT54GL Web Management Interface SysInfo.htm information disclosure
https://notcve.org/view.php?id=CVE-2024-1404
09 Feb 2024 — A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as problematic. Affected by this issue is some unknown functionality of the file /SysInfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253328. • https://github.com/leetsun/Hints/tree/main/linksys-wrt54gl/1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 1CVE-2023-31740
https://notcve.org/view.php?id=CVE-2023-31740
23 May 2023 — There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters WL_atten_bb, WL_atten_radio, and WL_atten_ctl in the apply.cgi interface, thereby gaining shell privileges. • http://linksys.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 1CVE-2023-31741
https://notcve.org/view.php?id=CVE-2023-31741
23 May 2023 — There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges. • http://linksys.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 1CVE-2023-31742
https://notcve.org/view.php?id=CVE-2023-31742
22 May 2023 — There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges. • http://linksys.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 2%CPEs: 2EXPL: 4CVE-2022-38841 – Linksys AX3200 V1.1.00 - Command Injection
https://notcve.org/view.php?id=CVE-2022-38841
24 Mar 2023 — Linksys AX3200 1.1.00 is vulnerable to OS command injection by authenticated users via shell metacharacters to the diagnostics traceroute page. Linksys AX3200 version 1.1.00 suffers from a remote command injection vulnerability. • https://packetstorm.news/files/id/171433 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3EPSS: 2%CPEs: 2EXPL: 3CVE-2022-43970 – Buffer overflow in Linksys WRT54GL
https://notcve.org/view.php?id=CVE-2022-43970
09 Jan 2023 — A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This vulnerablity can be triggered over the network via a malicious POST request to /apply.cgi. Existe una vulnerabilidad de desbordamiento del búfer en el router Linksys WR... • https://youtu.be/73-1lhvJPNg • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 3CVE-2022-43971 – Arbitrary code execution in Linksys WUMC710
https://notcve.org/view.php?id=CVE-2022-43971
09 Jan 2023 — An arbitrary code exection vulnerability exists in Linksys WUMC710 Wireless-AC Universal Media Connector with firmware <= 1.0.02 (build3). The do_setNTP function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious GET or POST request to /setNTP.cgi to execute arbitrary commands on the underlying Linux operating system as root. Existe una vulnerabil... • https://youtu.be/73-1lhvJPNg • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3CVE-2022-43972 – Null pointer dereference in Linksys WRT54GL
https://notcve.org/view.php?id=CVE-2022-43972
09 Jan 2023 — A null pointer dereference vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A null pointer dereference in the soap_action function within the upnp binary can be triggered by an unauthenticated attacker via a malicious POST request invoking the AddPortMapping action. Existe una vulnerabilidad de desreferencia de puntero nulo en el router Linksys WRT54GL Wireless-G Broadband con firmware <= 4.30.18.006. Un atacante no autenticado puede desencadenar una desre... • https://youtu.be/73-1lhvJPNg • CWE-476: NULL Pointer Dereference •