CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Sep 2024 — A vulnerability was found in Linksys WRT54G 4.21.5. It has been rated as critical. Affected by this issue is the function validate_services_port of the file /apply.cgi of the component POST Parameter Handler. The manipulation of the argument services_array leads to stack-based buffer overflow. The attack may be launched remotely. • https://github.com/BuaaIOTTeam/Iot_Linksys/blob/main/Linksys_WRT54G_validate_services_port.md • CWE-121: Stack-based Buffer Overflow

CVSS: 9.0 • EPSS: 5% • CPEs: 1 • EXPL: 0

19 Aug 2024 — A Command Injection vulnerability exists in the do_upgrade_post function of the httpd binary in Linksys E1500 v1.0.06.001. As a result, an authenticated attacker can execute OS commands with root privileges. • https://github.com/goldds96/Report/blob/main/Linksys/E1500/CI.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 8.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jul 2024 — A vulnerability in Linksys Router E2500 with firmware 2.0.00 allows authenticated attackers to execute arbitrary code via the hnd_parentalctrl_unblock function. • http://e2500.com • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Jul 2024 — Linksys WRT54G v4.21.5 has a stack overflow vulnerability in the get_merge_mac function. • https://github.com/BuaaIOTTeam/Iot_Linksys/blob/main/Linksys_WRT54G_get_merge_mac.md • CWE-121: Stack-based Buffer Overflow

CVSS: 8.8 • EPSS: 15% • CPEs: 2 • EXPL: 1

11 Jun 2024 — Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allow attackers to escalate privileges from Guest to root via a directory traversal. • https://github.com/IvanGlinkin/CVE-2024-36821 • CWE-379: Creation of Temporary File in Directory with Insecure Permissions

CVSS: 9.8 • EPSS: 13% • CPEs: 1 • EXPL: 1

07 May 2024 — A buffer overflow vulnerability in LINKSYS EA7500 3.0.1.207964 allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP. • https://github.com/dest-3/CVE-2023-46012 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 8.0 • EPSS: 2% • CPEs: 1 • EXPL: 0

06 May 2024 — Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at the /API/info form endpoint. • https://github.com/ymkyu/CVE/tree/main/CVE-2024-33788 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 9.8 • EPSS: 7% • CPEs: 1 • EXPL: 0

03 May 2024 — Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl parameter at the /API/info form endpoint. • https://github.com/ymkyu/CVE/tree/main/CVE-2024-33789 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 9.7 • EPSS: 92% • CPEs: 1 • EXPL: 0

11 Apr 2024 — Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. An attacker can use the vulnerability to obtain device administrator rights. • https://github.com/ZackSecurity/VulnerReport/blob/cve/Linksys/1.md • CWE-284: Improper Access Control

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Mar 2024 — There is a stack-based buffer overflow vulnerability in the pc_change_act function in Linksys E1000 router firmware version v.2.1.03 and before, leading to remote code execution. • https://d05004.notion.site/Linksys-E1000-BOF-37b98eec45ea4fc991b9b5bea3db091d?pvs=4 • CWE-121: Stack-based Buffer Overflow