
CVE-2013-3067
https://notcve.org/view.php?id=CVE-2013-3067
07 Feb 2020 — Linksys WRT310Nv2 2.0.0.1 is vulnerable to XSS. • http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2019-16340
https://notcve.org/view.php?id=CVE-2019-16340
21 Nov 2019 — Belkin Linksys Velop 1.1.8.192419 devices allow remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI. • http://s3.amazonaws.com/downloads.linksys.com/support/assets/releasenotes/WHW03_A03_Velop_Customer_Release_Notes_1.1.9.195026.txt • CWE-425: Direct Request ('Forced Browsing') •

CVE-2013-4658
https://notcve.org/view.php?id=CVE-2013-4658
25 Oct 2019 — Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share. • https://www.ise.io/casestudies/exploiting-soho-routers • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2019-11535
https://notcve.org/view.php?id=CVE-2019-11535
17 Jul 2019 — Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. An attacker can access system OS configurations and commands that are not intended for use beyond the web UI. • http://s3.amazonaws.com/downloads.linksys.com/support/assets/releasenotes/Linksys%20RE6300%20RE6400%20Firmware%20Release%20Notes_v1.2.05.001.txt • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2019-7579
https://notcve.org/view.php?id=CVE-2019-7579
17 Jun 2019 — An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. An ability exists for an unauthenticated user to browse a confidential ui/1.0.99.187766/dynamic/js/setup.js.localized file on the router's webserver, allowing for an attacker to identify possible passwords that the system uses to set the default guest network password. An attacker can use this list of 30 words along with a random 2 digit number to brute force their access onto a router's guest network. • http://www.x0rsecurity.com/2019/06/09/my-second-cve-linksys-wrt-acs-cve-2019-7579-or-as-i-call-it-acceptance-no-one-considers-security-by-design • CWE-287: Improper Authentication •

CVE-2009-5157
https://notcve.org/view.php?id=CVE-2009-5157
11 Jun 2019 — On Linksys WAG54G2 1.00.10 devices, there is authenticated command injection via shell metacharacters in the setup.cgi c4_ping_ipaddr variable. • https://www.securityfocus.com/archive/1/503934 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2019-7311
https://notcve.org/view.php?id=CVE-2019-7311
06 Jun 2019 — An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. A lack of encryption in how the user login cookie (admin-auth) is stored on a victim's computer results in the admin password being discoverable by a local attacker, and usable to gain administrative access to the victim's router. The admin password is stored in base64 cleartext in an "admin-auth" cookie. An attacker sniffing the network at the time of login could acquire the router's admin password. Alternatively, gaining physical access t... • http://www.x0rsecurity.com/2019/05/03/my-first-cve-linksys-wrt-1300-acs-cve-2019-7311 • CWE-311: Missing Encryption of Sensitive Data •

CVE-2018-3953
https://notcve.org/view.php?id=CVE-2018-3953
17 Oct 2018 — Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as the value to the 'machine_name' POST parameter. When the 'preinit' binary receives the SIGHUP signal, it enters a code path that continues until it reaches o... • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2018-3954
https://notcve.org/view.php?id=CVE-2018-3954
17 Oct 2018 — Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as the value to the 'machine_name' POST parameter. When the 'preinit' binary receives the SIGHUP signal, it enters a code path that calls a function named 'set_hos... • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2018-3955
https://notcve.org/view.php?id=CVE-2018-3955
17 Oct 2018 — An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). Specially crafted entries to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send an authenticated HTTP request to trigger this vulnerability. Data entered into the 'Domain Name' input field through the web portal is submitted to apply.cgi ... • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •