CVSS: 10.0EPSS: 14%CPEs: 2EXPL: 1CVE-2010-1573
https://notcve.org/view.php?id=CVE-2010-1573
10 Jun 2010 — Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi. Linksys WAP54Gv3 firmware v3.04.03 y anteriores usa un nombre de fuerte codificación (Gemtek) y password (gemtekswd) para una interfaz de depuración para varias páginas web, lo que permite a atacan... • http://secunia.com/advisories/40103 • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 0CVE-2010-2261
https://notcve.org/view.php?id=CVE-2010-2261
10 Jun 2010 — Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) data2 and (2) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi. Linksys WAP54Gv3 firmware v3.04.03 y anteriores permite a atacants remotos ejecutar comandos de su elección a a través de una shell de metacaracteres en los parámetros (1) data2 y (2) data3 en (a) Debug_command_page.asp y (b) debug.cgi. • http://www.securityfocus.com/archive/1/511733/100/0/threaded • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2007-5475
https://notcve.org/view.php?id=CVE-2007-5475
12 Nov 2009 — Multiple buffer overflows in the Marvell wireless driver, as used in Linksys WAP4400N Wi-Fi access point with firmware 1.2.17 on the Marvell 88W8361P-BEM1 chipset, and other products, allow remote 802.11-authenticated users to cause a denial of service (wireless access point crash) and possibly execute arbitrary code via an association request with long (1) rates, (2) extended rates, and unspecified other information elements. Múltiples desbordamientos de búfer en el driver inalámbrico Marvell, tal como se ... • http://secunia.com/advisories/37345 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 0CVE-2009-3341
https://notcve.org/view.php?id=CVE-2009-3341
24 Sep 2009 — Buffer overflow on the Linksys WRT54GL wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Desbordamiento de búfer en el router inalámbrico Linksys WRT54GL permite a los atacantes r... • http://intevydis.com/vd-list.shtml • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2008-4594
https://notcve.org/view.php?id=CVE-2008-4594
17 Oct 2008 — Unspecified vulnerability in the SNMPv3 component in Linksys WAP4400N firmware 1.2.14 on the Marvell Semiconductor 88W8361P-BEM1 chipset has unknown impact and attack vectors, probably remote. Vulnerabilidad no especificada en el componente SNMPv3 en el firmware 1.2.14 del Linksys WAP4400N con el chipset Marvell Semiconductor 88W8361P-BEM1 tiene un impacto y unos vectores de ataque, probablemente remotos, desconocidos. • http://secunia.com/advisories/32259 •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2008-4441
https://notcve.org/view.php?id=CVE-2008-4441
14 Oct 2008 — The Marvell driver for the Linksys WAP4400N Wi-Fi access point with firmware 1.2.14 on the Marvell 88W8361P-BEM1 chipset, when WEP mode is enabled, does not properly parse malformed 802.11 frames, which allows remote attackers to cause a denial of service (reboot or hang-up) via a malformed association request containing the WEP flag, as demonstrated by a request that is too short, a different vulnerability than CVE-2008-1144 and CVE-2008-1197. El controlador de dispositivo Marvell para el punto de acceso W... • http://secunia.com/advisories/32259 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 1%CPEs: 2EXPL: 0CVE-2007-5474
https://notcve.org/view.php?id=CVE-2007-5474
05 Sep 2008 — The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via an Atheros information element with an invalid length, as demonstrated by an element that is too long. El driver para el punto de acceso Wi-Fi de Linksys WRT350N con firm... • http://securityreason.com/securityalert/4226 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 7%CPEs: 1EXPL: 2CVE-2008-2092 – Linksys SPA-2102 Phone Adapter Packet Handling - Denial of Service
https://notcve.org/view.php?id=CVE-2008-2092
06 May 2008 — Linksys SPA-2102 Phone Adapter 3.3.6 allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: the severity of this issue has been disputed since there are limited attack scenarios. Linksys SPA-2102 Phone Adapter 3.3.6 permite a atacantes remotos provocar una denegación de servicio (caída) mediante un paquete ping largo ("ping de la muerte"). NOTA: la gravedad de este asunto se ha cuestionado ya que hay escenarios de ataque limitados. • https://www.exploit-db.com/exploits/31478 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2007-6707
https://notcve.org/view.php?id=CVE-2007-6707
13 Mar 2008 — Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-3574. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Cisco Linksys WAG54GS Wireless-G ADSL Gateway con versiones del código 1.01.03 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML de s... • http://osvdb.org/43539 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2007-6708
https://notcve.org/view.php?id=CVE-2007-6708
13 Mar 2008 — Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi. Múltiples vulnerabilidades de falsificación de petición en sitios cruz... • http://osvdb.org/43537 • CWE-352: Cross-Site Request Forgery (CSRF) •