Filtered by vendor Belkin
Subscribe
Total
56 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25310 | 1 Belkin | 2 Linksys Wrt160nl, Linksys Wrt160nl Firmware | 2024-04-11 | 9.0 HIGH | 8.8 HIGH |
| The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the ui_language POST parameter to the apply.cgi form endpoint. This occurs in do_upgrade_post in mini_httpd. NOTE: This vulnerability only affects products that are no longer supported by the maintaine | |||||
| CVE-2020-26561 | 1 Belkin | 2 Linksys Wrt 160nl, Linksys Wrt 160nl Firmware | 2024-04-11 | 6.5 MEDIUM | 8.8 HIGH |
| Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. Successful exploitation leads to arbitrary code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2023-33768 | 1 Belkin | 2 Wemo Smart Plug Wsp080, Wemo Smart Plug Wsp080 Firmware | 2023-12-10 | N/A | 6.5 MEDIUM |
| Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin Wemo Smart Plug WSP080 v1.2 allows attackers to cause a Denial of Service (DoS) via a crafted firmware file. | |||||
| CVE-2023-27217 | 1 Belkin | 2 F7c063, F7c063 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| A stack-based buffer overflow in the ChangeFriendlyName() function of Belkin Smart Outlet V2 F7c063 firmware_2.00.11420.OWRT.PVT_SNSV2 allows attackers to cause a Denial of Service (DoS) via a crafted UPNP request. | |||||
| CVE-2022-30105 | 1 Belkin | 2 N300, N300 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible before and after configuring the device, exhibits multiple remote command injection vulnerabilities. The following parameters in the [form name] form; [list vulnerable parameters], are not properly sanitized after being submitted to the web interface in a POST request. With specially crafted parameters, it is possible to inject a an OS command which will be executed with root privileges, as the web interface, and all processes on the device, run as root. | |||||
| CVE-2013-3088 | 1 Belkin | 2 N900, N900 Firmware | 2023-12-10 | 9.3 HIGH | 9.8 CRITICAL |
| Belkin N900 router (F9K1104v1) contains an Authentication Bypass using "Javascript debugging". | |||||
| CVE-2013-2679 | 1 Belkin | 2 Linksys E4200, Linksys E4200 Firmware | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the (1) log_type, (2) ping_ip, (3) ping_size, (4) submit_type, or (5) traceroute_ip parameter to apply.cgi or (6) new_workgroup or (7) submit_button parameter to storage/apply.cgi. | |||||
| CVE-2013-4655 | 1 Belkin | 2 N900, N900 Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
| Symlink Traversal vulnerability in Belkin N900 due to misconfiguration in the SMB service. | |||||
| CVE-2019-17094 | 1 Belkin | 2 Wemo Insight Switch, Wemo Insight Switch Firmware | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| A Stack-based Buffer Overflow vulnerability in libbelkin_api.so component of Belkin WeMo Insight Switch firmware allows a local attacker to obtain code execution on the device. This issue affects: Belkin WeMo Insight Switch firmware version 2.00.11396 and prior versions. | |||||
| CVE-2013-3091 | 1 Belkin | 2 N300, N300 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication using "Javascript debugging." | |||||
| CVE-2013-2748 | 1 Belkin | 2 Wemo Switch, Wemo Switch Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote attackers to upload arbitrary files onto the system. | |||||
| CVE-2013-7173 | 1 Belkin | 2 N750, N750 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Belkin n750 routers have a buffer overflow. | |||||
| CVE-2019-17532 | 1 Belkin | 2 Wemo Switch 28b, Wemo Switch 28b Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on Belkin Wemo Switch 28B WW_2.00.11057.PVT-OWRT-SNS devices. They allow remote attackers to cause a denial of service (persistent rules-processing outage) via a crafted ruleDbBody element in a StoreRules request to the upnp/control/rules1 URI, because database corruption occurs. | |||||
| CVE-2013-3085 | 1 Belkin | 2 F5d8236-4, F5d8236-4 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An authentication bypass exists in the web management interface in Belkin F5D8236-4 v2. | |||||
| CVE-2019-12780 | 1 Belkin | 2 Crock-pot Smart Slow Cooker With Wemo, Crock-pot Smart Slow Cooker With Wemo Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A simple POST request to /upnp/control/basicevent1 can allow an attacker to execute commands without authentication. | |||||
| CVE-2018-6692 | 1 Belkin | 2 Wemo Insight Smart Plug, Wemo Insight Smart Plug Firmware | 2023-12-10 | 10.0 HIGH | 10.0 CRITICAL |
| Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin Wemo Insight Smart Plug allows remote attackers to bypass local security protection via a crafted HTTP post packet. | |||||
| CVE-2018-1145 | 1 Belkin | 2 N750, N750 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A remote unauthenticated user can overflow a stack buffer in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi. | |||||
| CVE-2018-1143 | 1 Belkin | 2 N750, N750 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to twonky_command.cgi. | |||||
| CVE-2018-1146 | 1 Belkin | 2 N750, N750 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| A remote unauthenticated user can enable telnet on the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to set.cgi. When enabled the telnet session requires no password and provides root access. | |||||
| CVE-2018-1144 | 1 Belkin | 2 N750, N750 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi. | |||||