CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 1CVE-2022-24372
https://notcve.org/view.php?id=CVE-2022-24372
Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share. Los dispositivos Linksys MR9600 versiones anteriores a 2.0.5, permiten a atacantes leer archivos arbitrarios por medio de un enlace simbólico al directorio root de un recurso compartido NAS SMB • https://www.linksys.com/de/linksys-dual-band-mesh-wifi-6-router-mr9600/p/p-mr9600 https://www.linksys.com/mesh-routers/linksys-dual-band-mesh-wifi-6-router-mr9600/p/p-mr9600 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-046.txt • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 10.0EPSS: 96%CPEs: 2EXPL: 2CVE-2020-35713
https://notcve.org/view.php?id=CVE-2020-35713
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. Los dispositivos Belkin LINKSYS RE6500 versiones anteriores a 1.0.012.001, permiten a atacantes remotos ejecutar comandos arbitrarios o establecer una nueva contraseña por medio de metacaracteres de shell en la página goform/setSysAdm • https://github.com/Al1ex/CVE-2020-35713 https://bugcrowd.com/disclosures/72d7246b-f77f-4f7f-9bd1-fdc35663cc92/linksys-re6500-unauthenticated-rce-working-across-multiple-fw-versions https://downloads.linksys.com/support/assets/releasenotes/ExternalReleaseNotes_RE6500_1.0.012.001.txt https://resolverblog.blogspot.com/2020/07/linksys-re6500-unauthenticated-rce-full.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-35714
https://notcve.org/view.php?id=CVE-2020-35714
Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authenticated users to execute arbitrary commands via goform/systemCommand?command= in conjunction with the goform/pingstart program. Los dispositivos Belkin LINKSYS RE6500 versiones anteriores a 1.0.11.001, permiten a usuarios autenticados remotos ejecutar comandos arbitrarios por medio de goform/systemCommand?command= en conjunto con el programa goform/pingstart • https://bugcrowd.com/disclosures/72d7246b-f77f-4f7f-9bd1-fdc35663cc92/linksys-re6500-unauthenticated-rce-working-across-multiple-fw-versions https://downloads.linksys.com/support/assets/releasenotes/ExternalReleaseNotes_RE6500_1.0.012.001.txt https://resolverblog.blogspot.com/2020/07/linksys-re6500-unauthenticated-rce-full.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2020-35715
https://notcve.org/view.php?id=CVE-2020-35715
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenticated users to execute arbitrary commands via shell metacharacters in a filename to the upload_settings.cgi page. Los dispositivos Belkin LINKSYS RE6500 versiones anteriores a 1.0.012.001, permiten a usuarios autenticados remotos ejecutar comandos arbitrarios por medio de metacaracteres de shell en un nombre de archivo a la página upload_settings.cgi • https://bugcrowd.com/disclosures/72d7246b-f77f-4f7f-9bd1-fdc35663cc92/linksys-re6500-unauthenticated-rce-working-across-multiple-fw-versions https://downloads.linksys.com/support/assets/releasenotes/ExternalReleaseNotes_RE6500_1.0.012.001.txt https://resolverblog.blogspot.com/2020/07/linksys-re6500-unauthenticated-rce-full.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-35716
https://notcve.org/view.php?id=CVE-2020-35716
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to cause a persistent denial of service (segmentation fault) via a long /goform/langSwitch langSelectionOnly parameter. Los dispositivos Belkin LINKSYS RE6500 versiones anteriores a 1.0.012.001, permiten a atacantes remotos causar una denegación de servicio persistente (fallo de segmentación) por medio de un parámetro largo langSelectionOnly de /goform/langSwitch • https://bugcrowd.com/disclosures/72d7246b-f77f-4f7f-9bd1-fdc35663cc92/linksys-re6500-unauthenticated-rce-working-across-multiple-fw-versions https://downloads.linksys.com/support/assets/releasenotes/ExternalReleaseNotes_RE6500_1.0.012.001.txt https://resolverblog.blogspot.com/2020/07/linksys-re6500-unauthenticated-rce-full.html •