Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-1406 | 1 Linksys | 2 Wrt54gl, Wrt54gl Firmware | 2024-04-11 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability was found in Linksys WRT54GL 4.30.18. It has been declared as problematic. This vulnerability affects unknown code of the file /SysInfo1.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253330 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-1405 | 1 Linksys | 2 Wrt54gl, Wrt54gl Firmware | 2024-04-11 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253329 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-1404 | 1 Linksys | 2 Wrt54gl, Wrt54gl Firmware | 2024-04-11 | 3.3 LOW | 7.5 HIGH |
| A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as problematic. Affected by this issue is some unknown functionality of the file /SysInfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253328. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-31742 | 1 Linksys | 2 Wrt54gl, Wrt54gl Firmware | 2023-12-10 | N/A | 7.2 HIGH |
| There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges. | |||||
| CVE-2022-43970 | 1 Linksys | 2 Wrt54gl, Wrt54gl Firmware | 2023-12-10 | N/A | 7.2 HIGH |
| A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This vulnerablity can be triggered over the network via a malicious POST request to /apply.cgi. | |||||
| CVE-2022-43973 | 1 Linksys | 2 Wrt54gl, Wrt54gl Firmware | 2023-12-10 | N/A | 7.2 HIGH |
| An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request to /apply.cgi to execute arbitrary commands on the underlying Linux operating system as root. | |||||
| CVE-2022-43972 | 1 Linksys | 2 Wrt54gl, Wrt54gl Firmware | 2023-12-10 | N/A | 7.5 HIGH |
| A null pointer dereference vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A null pointer dereference in the soap_action function within the upnp binary can be triggered by an unauthenticated attacker via a malicious POST request invoking the AddPortMapping action. | |||||
| CVE-2009-3341 | 1 Linksys | 1 Wrt54gl | 2023-12-10 | 10.0 HIGH | N/A |
| Buffer overflow on the Linksys WRT54GL wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2008-0228 | 1 Linksys | 1 Wrt54gl | 2023-12-10 | 9.3 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators. | |||||