Filtered by vendor Linksys
Subscribe
Total
97 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-7121 | 1 Linksys | 1 Spa921 | 2023-12-10 | 7.8 HIGH | N/A |
The HTTP server in Linksys SPA-921 VoIP Desktop Phone allows remote attackers to cause a denial of service (reboot) via (1) a long URL, or a long (2) username or (3) password during Basic Authentication. | |||||
CVE-2008-1247 | 1 Linksys | 1 Wrt54g | 2023-12-10 | 10.0 HIGH | N/A |
The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri. NOTE: the Security.tri vector is already covered by CVE-2006-5202. | |||||
CVE-2008-1268 | 1 Linksys | 1 Wrt54g | 2023-12-10 | 10.0 HIGH | N/A |
The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password. | |||||
CVE-2007-2270 | 1 Linksys | 1 Spa941 | 2023-12-10 | 7.8 HIGH | N/A |
The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request. | |||||
CVE-2008-1263 | 1 Linksys | 1 Wrt54g | 2023-12-10 | 4.0 MEDIUM | N/A |
The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI. | |||||
CVE-2006-5202 | 1 Linksys | 1 Wrt54g | 2023-12-10 | 5.0 MEDIUM | N/A |
Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout parameters, a different issue than CVE-2006-2559. | |||||
CVE-2008-0228 | 1 Linksys | 1 Wrt54gl | 2023-12-10 | 9.3 HIGH | N/A |
Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators. | |||||
CVE-2006-1973 | 1 Linksys | 1 Rt31p2 | 2023-12-10 | 5.0 MEDIUM | N/A |
Multiple unspecified vulnerabilities in Linksys RT31P2 VoIP router allow remote attackers to cause a denial of service via malformed Session Initiation Protocol (SIP) messages. | |||||
CVE-2005-2914 | 1 Linksys | 1 Wrt54g | 2023-12-10 | 7.5 HIGH | N/A |
ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, does not use an authentication initialization function, which allows remote attackers to obtain encrypted configuration information and, if the key is known, modify the configuration. | |||||
CVE-2005-2916 | 1 Linksys | 1 Wrt54g | 2023-12-10 | 5.0 MEDIUM | N/A |
Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi. | |||||
CVE-2005-2915 | 1 Linksys | 1 Wrt54g | 2023-12-10 | 5.0 MEDIUM | N/A |
ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, uses weak encryption (XOR encoding with a fixed byte mask) for configuration information, which could allow attackers to decrypt the information and possibly re-encrypt it in conjunction with CVE-2005-2914. | |||||
CVE-2004-2606 | 1 Linksys | 2 Befsr41 V3, Wrt54g | 2023-12-10 | 7.5 HIGH | N/A |
The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled. | |||||
CVE-2004-2507 | 1 Linksys | 1 Wvc11b | 2023-12-10 | 5.0 MEDIUM | N/A |
Absolute path traversal vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to read arbitrary files via an absolute pathname in the next_file parameter. | |||||
CVE-2005-0334 | 1 Linksys | 1 Psus4 Printserver | 2023-12-10 | 5.0 MEDIUM | N/A |
Linksys PSUS4 running firmware 6032 allows remote attackers to cause a denial of service (device crash) via an HTTP POST request containing an unknown parameter without a value. | |||||
CVE-2005-4257 | 1 Linksys | 4 Befw11s4, Befw11s4 V3, Befw11s4 V4 and 1 more | 2023-12-10 | 7.8 HIGH | N/A |
Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID. | |||||
CVE-2005-2799 | 1 Linksys | 1 Wrt54g | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request. | |||||
CVE-2005-2912 | 1 Linksys | 1 Wrt54g | 2023-12-10 | 5.0 MEDIUM | N/A |
Linksys WRT54G router allows remote attackers to cause a denial of service (CPU consumption and server hang) via an HTTP POST request with a negative Content-Length value. | |||||
CVE-2005-1059 | 1 Linksys | 1 Wet11 | 2023-12-10 | 2.1 LOW | N/A |
Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html. | |||||
CVE-2006-1067 | 1 Linksys | 1 Wrt54g V5 | 2023-12-10 | 5.0 MEDIUM | N/A |
Linksys WRT54G routers version 5 (running VXWorks) allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value. | |||||
CVE-2004-2508 | 1 Linksys | 1 Wvc11b | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to inject arbitrary web script or HTML via the next_file parameter. |