Filtered by vendor Linksys
Subscriptions
Total
144 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5000 | 1 Linksys | 4 Fgw3000-ah, Fgw3000-ah Firmware, Fgw3000-hk and 1 more | 2025-06-12 | 6.3 Medium |
| A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000. It has been classified as critical. This affects the function control_panel_sw of the file /cgi-bin/sysconf.cgi of the component HTTP POST Request Handler. The manipulation of the argument filename leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-4999 | 1 Linksys | 4 Fgw3000-ah, Fgw3000-ah Firmware, Fgw3000-hk and 1 more | 2025-06-12 | 6.3 Medium |
| A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000 and classified as critical. Affected by this issue is the function sub_4153FC of the file /cgi-bin/sysconf.cgi of the component HTTP POST Request Handler. The manipulation of the argument supplicant_rnd_id_en leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-33788 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-06-11 | 8.0 High |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint. | ||||
| CVE-2025-22996 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-06-11 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in the spf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter. | ||||
| CVE-2025-22997 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-06-11 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in the prf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter. | ||||
| CVE-2024-33789 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-06-10 | 9.8 Critical |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl parameter at /API/info form endpoint. | ||||
| CVE-2023-30305 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-06-10 | 7.5 High |
| An issue discovered in Linksys E5600 routers allows attackers to hijack TCP sessions which could lead to a denial of service. | ||||
| CVE-2024-28283 | 1 Linksys | 2 E1000, E1000 Firmware | 2025-06-10 | 6.7 Medium |
| There is stack-based buffer overflow vulnerability in pc_change_act function in Linksys E1000 router firmware version v.2.1.03 and before, leading to remote code execution. | ||||
| CVE-2025-5445 | 1 Linksys | 12 Re6250, Re6250 Firmware, Re6300 and 9 more | 2025-06-10 | 6.3 Medium |
| A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this issue is the function RP_checkFWByBBS of the file /goform/RP_checkFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5444 | 1 Linksys | 12 Re6250, Re6250 Firmware, Re6300 and 9 more | 2025-06-10 | 6.3 Medium |
| A vulnerability has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this vulnerability is the function RP_UpgradeFWByBBS of the file /goform/RP_UpgradeFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5443 | 1 Linksys | 12 Re6250, Re6250 Firmware, Re6300 and 9 more | 2025-06-10 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function wirelessAdvancedHidden of the file /goform/wirelessAdvancedHidden. The manipulation of the argument ExtChSelector/24GSelector/5GSelector leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-25522 | 1 Linksys | 2 Wap610n, Wap610n Firmware | 2025-06-06 | 7.3 High |
| Buffer overflow vulnerability in Linksys WAP610N v1.0.05.002 due to the lack of length verification, which is related to the time setting operation. The attacker can directly control the remote target device by successfully exploiting this vulnerability. | ||||
| CVE-2024-41281 | 1 Linksys | 2 Wrt54g, Wrt54g Firmware | 2025-06-04 | 8.8 High |
| Linksys WRT54G v4.21.5 has a stack overflow vulnerability in get_merge_mac function. | ||||
| CVE-2024-1404 | 1 Linksys | 2 Wrt54gl, Wrt54gl Firmware | 2025-05-15 | 4.3 Medium |
| A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as problematic. Affected by this issue is some unknown functionality of the file /SysInfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253328. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-1405 | 1 Linksys | 2 Wrt54gl, Wrt54gl Firmware | 2025-05-15 | 4.3 Medium |
| A vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253329 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-45491 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-05-13 | 9.8 Critical |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the username parameter. | ||||
| CVE-2025-45490 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-05-13 | 6.5 Medium |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the password parameter. | ||||
| CVE-2025-45489 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-05-13 | 6.5 Medium |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the hostname parameter. | ||||
| CVE-2025-45488 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-05-13 | 6.5 Medium |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the mailex parameter. | ||||
| CVE-2025-45487 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-05-13 | 6.5 Medium |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.InternetConnection function. | ||||