ReportizFlow
Filtered by vendor Linksys
Subscriptions
Total
227 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-0426 | 1 Linksys | 1 Befvp41 | 2025-04-03 | N/A |
| VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router before 1.40.1 reduces the key lengths for keys that are supplied via manual key entry, which makes it easier for attackers to crack the keys. | ||||
| CVE-2005-2916 | 1 Linksys | 1 Wrt54g | 2025-04-03 | N/A |
| Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi. | ||||
| CVE-2006-2559 | 1 Linksys | 2 Wrt54g, Wrt54g V5 | 2025-04-03 | N/A |
| Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. | ||||
| CVE-2005-0334 | 1 Linksys | 1 Psus4 Printserver | 2025-04-03 | N/A |
| Linksys PSUS4 running firmware 6032 allows remote attackers to cause a denial of service (device crash) via an HTTP POST request containing an unknown parameter without a value. | ||||
| CVE-2006-1973 | 1 Linksys | 1 Rt31p2 | 2025-04-03 | N/A |
| Multiple unspecified vulnerabilities in Linksys RT31P2 VoIP router allow remote attackers to cause a denial of service via malformed Session Initiation Protocol (SIP) messages. | ||||
| CVE-2005-2915 | 1 Linksys | 1 Wrt54g | 2025-04-03 | N/A |
| ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, uses weak encryption (XOR encoding with a fixed byte mask) for configuration information, which could allow attackers to decrypt the information and possibly re-encrypt it in conjunction with CVE-2005-2914. | ||||
| CVE-2005-2914 | 1 Linksys | 1 Wrt54g | 2025-04-03 | N/A |
| ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, does not use an authentication initialization function, which allows remote attackers to obtain encrypted configuration information and, if the key is known, modify the configuration. | ||||
| CVE-2002-2371 | 1 Linksys | 1 Wet11 | 2025-04-03 | N/A |
| Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to cause a denial of service (crash) via a packet containing the device's hardware address as the source MAC address in the DLC header. | ||||
| CVE-2006-1067 | 1 Linksys | 1 Wrt54g V5 | 2025-04-03 | N/A |
| Linksys WRT54G routers version 5 (running VXWorks) allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value. | ||||
| CVE-2003-1497 | 1 Linksys | 1 Befsx41 | 2025-04-03 | N/A |
| Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 allows remote attackers to cause a denial of service via an HTTP request with a long Log_Page_Num variable. | ||||
| CVE-2005-2434 | 1 Linksys | 1 Wrt54g | 2025-04-03 | N/A |
| Linksys WRT54G router uses the same private key and certificate for every router, which allows remote attackers to sniff the SSL connection and obtain sensitive information. | ||||
| CVE-2005-2799 | 1 Linksys | 1 Wrt54g | 2025-04-03 | N/A |
| Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request. | ||||
| CVE-2004-0580 | 1 Linksys | 12 Befcmu10, Befn2ps4, Befsr11 and 9 more | 2025-04-03 | N/A |
| DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7, does not properly clear previously used buffer contents in a BOOTP reply packet, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2002-1865 | 2 D-link, Linksys | 4 Di-804, Dl-704, Befw11s4 and 1 more | 2025-04-03 | N/A |
| Buffer overflow in the Embedded HTTP server, as used in (1) D-Link DI-804 4.68, Dl-704 V2.56b6, and Dl-704 V2.56b5 and (2) Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.2 through 1.42.7 and Linksys WAP11 1.3 and 1.4, allows remote attackers to cause a denial of service (crash) via a long header, as demonstrated using the Host header. | ||||
| CVE-2001-1117 | 1 Linksys | 1 Befsr41 | 2025-04-03 | N/A |
| LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before 1.39.3 Beta allows a remote attacker to view administration and user passwords by connecting to the router and viewing the HTML source for (1) index.htm and (2) Password.htm. | ||||
| CVE-2025-29226 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-04-01 | 6.3 Medium |
| In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["count"] parameter. | ||||
| CVE-2025-29227 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-04-01 | 6.3 Medium |
| In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["pkgsize"] parameter. | ||||
| CVE-2025-29230 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-04-01 | 8.6 High |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.emailReg function. The vulnerability can be triggered via the `pt["email"]` parameter. | ||||
| CVE-2025-29223 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-04-01 | 6.3 Medium |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the pt parameter in the traceRoute function. | ||||
| CVE-2022-38841 | 1 Linksys | 2 E8450, E8450 Firmware | 2025-02-06 | 8.8 High |
| Linksys AX3200 1.1.00 is vulnerable to OS command injection by authenticated users via shell metacharacters to the diagnostics traceroute page. | ||||