CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 1CVE-2019-16340
https://notcve.org/view.php?id=CVE-2019-16340
Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI. Los dispositivos Belkin Linksys Velop versión 1.1.8.192419, permiten a atacantes remotos detectar la clave de recuperación mediante una petición directa para el URI /sysinfo_json.cgi. • http://s3.amazonaws.com/downloads.linksys.com/support/assets/releasenotes/WHW03_A03_Velop_Customer_Release_Notes_1.1.9.195026.txt https://puzzor.github.io/Linksys-Velop-Authentication-bypass https://www.linksys.com/us/support-article?articleNum=207568 • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 9.3EPSS: 1%CPEs: 2EXPL: 1CVE-2018-17208
https://notcve.org/view.php?id=CVE-2018-17208
Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface). This occurs because shell metacharacters in the query string are mishandled by ShellExecute, as demonstrated by the zbtest.cgi?cmd=level&level= substring. This can also be exploited via CSRF. Los dispositivos de Linksys Velop 1.1.2.187020 permite la inyección de comandos no autenticada, proporcionando a un atacante con acceso root total mediante cgi-bin/zbtest.cgi o cgi-bin/zbtest2.cgi (scripts que se pueden descubrir con binwalk en el firmware, pero no son visibles en la interfaz web). • https://langkjaer.com/velop.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •