Filtered by vendor Linksys
Subscribe
Total
141 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5000 | 1 Linksys | 4 Fgw3000-ah, Fgw3000-ah Firmware, Fgw3000-hk and 1 more | 2025-06-12 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000. It has been classified as critical. This affects the function control_panel_sw of the file /cgi-bin/sysconf.cgi of the component HTTP POST Request Handler. The manipulation of the argument filename leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-4999 | 1 Linksys | 4 Fgw3000-ah, Fgw3000-ah Firmware, Fgw3000-hk and 1 more | 2025-06-12 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000 and classified as critical. Affected by this issue is the function sub_4153FC of the file /cgi-bin/sysconf.cgi of the component HTTP POST Request Handler. The manipulation of the argument supplicant_rnd_id_en leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-33788 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-06-11 | N/A | 8.0 HIGH |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint. | |||||
| CVE-2025-22996 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-06-11 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the spf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter. | |||||
| CVE-2025-22997 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-06-11 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the prf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter. | |||||
| CVE-2024-33789 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-06-10 | N/A | 9.8 CRITICAL |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl parameter at /API/info form endpoint. | |||||
| CVE-2023-30305 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-06-10 | N/A | 7.5 HIGH |
| An issue discovered in Linksys E5600 routers allows attackers to hijack TCP sessions which could lead to a denial of service. | |||||
| CVE-2024-28283 | 1 Linksys | 2 E1000, E1000 Firmware | 2025-06-10 | N/A | 6.7 MEDIUM |
| There is stack-based buffer overflow vulnerability in pc_change_act function in Linksys E1000 router firmware version v.2.1.03 and before, leading to remote code execution. | |||||
| CVE-2025-5445 | 1 Linksys | 12 Re6250, Re6250 Firmware, Re6300 and 9 more | 2025-06-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this issue is the function RP_checkFWByBBS of the file /goform/RP_checkFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-5444 | 1 Linksys | 12 Re6250, Re6250 Firmware, Re6300 and 9 more | 2025-06-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this vulnerability is the function RP_UpgradeFWByBBS of the file /goform/RP_UpgradeFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-5443 | 1 Linksys | 12 Re6250, Re6250 Firmware, Re6300 and 9 more | 2025-06-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function wirelessAdvancedHidden of the file /goform/wirelessAdvancedHidden. The manipulation of the argument ExtChSelector/24GSelector/5GSelector leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-25522 | 1 Linksys | 2 Wap610n, Wap610n Firmware | 2025-06-06 | N/A | 7.3 HIGH |
| Buffer overflow vulnerability in Linksys WAP610N v1.0.05.002 due to the lack of length verification, which is related to the time setting operation. The attacker can directly control the remote target device by successfully exploiting this vulnerability. | |||||
| CVE-2024-41281 | 1 Linksys | 2 Wrt54g, Wrt54g Firmware | 2025-06-04 | N/A | 8.8 HIGH |
| Linksys WRT54G v4.21.5 has a stack overflow vulnerability in get_merge_mac function. | |||||
| CVE-2025-45491 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-05-13 | N/A | 9.8 CRITICAL |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the username parameter. | |||||
| CVE-2025-45490 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-05-13 | N/A | 9.8 CRITICAL |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the password parameter. | |||||
| CVE-2025-45489 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-05-13 | N/A | 9.8 CRITICAL |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the hostname parameter. | |||||
| CVE-2025-45488 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-05-13 | N/A | 9.8 CRITICAL |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the mailex parameter. | |||||
| CVE-2025-45487 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-05-13 | N/A | 9.8 CRITICAL |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.InternetConnection function. | |||||
| CVE-2024-57536 | 1 Linksys | 2 E8450, E8450 Firmware | 2025-04-22 | N/A | 8.0 HIGH |
| Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via wizard_status. | |||||
| CVE-2024-57537 | 1 Linksys | 2 E8450, E8450 Firmware | 2025-04-22 | N/A | 6.3 MEDIUM |
| Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (page) is copied to the stack without length verification. | |||||