CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2013-4658
https://notcve.org/view.php?id=CVE-2013-4658
Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share. Linksys EA6500, presenta un Salto de Enlace Simbólico de SMB permitiendo crear enlaces simbólicos a ubicaciones fuera del recurso compartido Samba. • https://www.ise.io/casestudies/exploiting-soho-routers https://www.ise.io/soho_service_hacks https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 1CVE-2014-8244
https://notcve.org/view.php?id=CVE-2014-8244
Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain sensitive information or modify data via a JNAP action in a JNAP/ HTTP request. Linksys SMART WiFi firmware en los dispositivos EA2700 y EA3500; anterior a 2.1.41 build 162351 en los dispositivos E4200v2 y EA4500; anterior a 1.1.41 build 162599 en los dispositivos EA6200; anterior a 1.1.40 build 160989 en los dispositivos EA6300, EA6400, EA6500, y EA6700; y anterior a 1.1.42 build 161129 en los dispositivos EA6900 permite a atacantes remotos obtener información o modificar datos a través de una acción JNAP en una solicitud JNAP/ HTTP. • http://www.kb.cert.org/vuls/id/447516 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.3EPSS: 0%CPEs: 20EXPL: 1CVE-2014-8243
https://notcve.org/view.php?id=CVE-2014-8243
Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain the administrator's MD5 password hash via a direct request for the /.htpasswd URI. Linksys SMART WiFi firmware en los dispositivos EA2700 y EA3500; anterior a 2.1.41 build 162351 en los dispositivos E4200v2 y EA4500; anterior a 1.1.41 build 162599 en los dispositivos EA6200; anterior a 1.1.40 build 160989 en los dispositivos EA6300, EA6400, EA6500, y EA6700 devices; y anterior a 1.1.42 build 161129 en los dispositivos EA6900 permite a atacantes remotos obtener el hash de la contraseña MD5 del administrador a través de una solicitud directa para la URI /.htpasswd. • http://www.kb.cert.org/vuls/id/447516 • CWE-310: Cryptographic Issues •
CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 2CVE-2013-3065
https://notcve.org/view.php?id=CVE-2013-3065
Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Blocked Specific Sites section. Vulnerabilidad de XSS en la sección Parental Controls en Linksys EA6500 con firmware 1.1.28.147876 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con la sección Blocked Specific Sites. • http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf http://securityevaluators.com/knowledge/case_studies/routers/linksys_ea6500.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 2CVE-2013-3066
https://notcve.org/view.php?id=CVE-2013-3066
Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict access, which allows remote attackers to obtain sensitive information (clients and router configuration) via a request to /JNAP/. Linksys EA6500 con firmware 1.1.28.147876 no restirnge debidamente el acceso, lo que permite a atacantes remotos obtener información sensible (clientes y configuraciones de routers) a través de una solicitud en /JNAP/. • http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf http://securityevaluators.com/knowledge/case_studies/routers/linksys_ea6500.php • CWE-264: Permissions, Privileges, and Access Controls •