Filtered by vendor Belkin
Subscribe
Total
54 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1244 | 1 Belkin | 1 F5d7230-4 | 2018-10-11 | 10.0 HIGH | N/A |
| cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and dns1_4 parameters. NOTE: it was later reported that F5D7632-4V6 with firmware 6.01.08 is also affected. | |||||
| CVE-2008-1242 | 1 Belkin | 1 F5d7230-4 | 2018-10-11 | 10.0 HIGH | N/A |
| The control panel on the Belkin F5D7230-4 router with firmware 9.01.10 maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user, a different vulnerability than CVE-2005-3802. | |||||
| CVE-2008-1245 | 1 Belkin | 1 F5d7230-4 | 2018-10-11 | 7.8 HIGH | N/A |
| cgi-bin/setup_virtualserver.exe on the Belkin F5D7230-4 router with firmware 9.01.10 allows remote attackers to cause a denial of service (control center outage) via an HTTP request with invalid POST data and a "Connection: Keep-Alive" header. | |||||
| CVE-2018-1145 | 1 Belkin | 2 N750, N750 Firmware | 2018-05-18 | 7.5 HIGH | 9.8 CRITICAL |
| A remote unauthenticated user can overflow a stack buffer in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi. | |||||
| CVE-2008-7115 | 1 Belkin | 2 F5d7632-4, Wireless G Router | 2017-09-28 | 10.0 HIGH | N/A |
| The web interface to the Belkin Wireless G router and ADSL2 modem F5D7632-4V6 with firmware 6.01.08 allows remote attackers to bypass authentication and gain administrator privileges via a direct request to (1) statusprocess.exe, (2) system_all.exe, or (3) restore.exe in cgi-bin/. NOTE: the setup_dns.exe vector is already covered by CVE-2008-1244. | |||||
| CVE-2013-3084 | 1 Belkin | 1 F5d8236-4 | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Belkin Model F5D8236-4 v2 router allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-3090 | 1 Belkin | 1 N300 | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Belkin N300 router allow remote attackers to inject arbitrary web script or HTML via the Guest Access PSK field to wireless_guest2_print.stm or other unspecified vectors. | |||||
| CVE-2013-3087 | 1 Belkin | 1 N900 | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Belkin N900 router allow remote attackers to inject arbitrary web script or HTML via the (1) ssid2 parameter to wl_channel.html or (2) guest_psk parameter to wl_guest.html. | |||||
| CVE-2012-4366 | 1 Belkin | 4 N150 Wireless Router, N300 Wireless Router, N450 Wireless Router and 1 more | 2017-08-28 | 3.3 LOW | N/A |
| Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model F9K1104v1, N450 Model F9K1105V2, and N300 Model F7D2301v1 generate a predictable default WPA2-PSK passphrase based on eight digits of the WAN MAC address, which allows remote attackers to access the network by sniffing the beacon frames. | |||||
| CVE-2007-3784 | 1 Belkin | 1 F5d7231-4 | 2017-07-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router F5D7231-4 with firmware 4.05.03 allows remote attackers to inject arbitrary web script or HTML via a hostname of a DHCP client. | |||||
| CVE-2005-3802 | 1 Belkin | 2 F5d7230-4, F5d7232-4 | 2017-07-11 | 5.1 MEDIUM | N/A |
| Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03 and 4.05.03, when a legitimate administrator is logged into the web management interface, allow remote attackers to access the management interface without authentication. | |||||
| CVE-2005-2374 | 1 Belkin | 1 Belkin 54g Wireless Router | 2017-07-11 | 7.5 HIGH | N/A |
| Belkin 54g wireless routers do not properly set an administrative password, which allows remote attackers to gain access via the (1) Telnet or (2) web administration interfaces. | |||||
| CVE-2015-5536 | 1 Belkin | 2 N300 Dual-band Wi-fi Range Extender, N300 Dual-band Wi-fi Range Extender Firmware | 2016-12-23 | 9.0 HIGH | N/A |
| Belkin N300 Dual-Band Wi-Fi Range Extender with firmware before 1.04.10 allows remote authenticated users to execute arbitrary commands via the (1) sub_dir parameter in a formUSBStorage request; pinCode parameter in a (2) formWpsStart or (3) formiNICWpsStart request; (4) wps_enrolee_pin parameter in a formWlanSetupWPS request; or unspecified parameters in a (5) formWlanMP, (6) formBSSetSitesurvey, (7) formHwSet, or (8) formConnectionSetting request. | |||||
| CVE-2014-2962 | 1 Belkin | 2 N150 F9k1009, N150 F9k1009 Firmware | 2016-12-23 | 7.8 HIGH | N/A |
| Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter. | |||||
| CVE-2014-1635 | 1 Belkin | 2 N750 Wireless Router, N750 Wireless Router Firmware | 2016-03-31 | 10.0 HIGH | N/A |
| Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote attackers to execute arbitrary code via a long string in the jump parameter. | |||||
| CVE-2015-5990 | 1 Belkin | 2 N600 Db Wi-fi Dual-band N\\\+ Router F9k1102, N600 Db Wi-fi Dual-band N\\\+ Router F9k1102 Firmware | 2015-12-31 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2015-5988 | 1 Belkin | 2 N600 Db Wi-fi Dual-band N\\\+ Router F9k1102, N600 Db Wi-fi Dual-band N\\\+ Router F9k1102 Firmware | 2015-12-31 | 9.3 HIGH | 9.8 CRITICAL |
| The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. | |||||
| CVE-2015-5987 | 1 Belkin | 2 N600 Db Wi-fi Dual-band N\\\+ Router F9k1102, N600 Db Wi-fi Dual-band N\\\+ Router F9k1102 Firmware | 2015-12-31 | 5.0 MEDIUM | 8.6 HIGH |
| Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value. | |||||
| CVE-2015-5989 | 1 Belkin | 2 N600 Db Wi-fi Dual-band N\\\+ Router F9k1102, N600 Db Wi-fi Dual-band N\\\+ Router F9k1102 Firmware | 2015-12-31 | 10.0 HIGH | 9.8 CRITICAL |
| Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values. | |||||
| CVE-2013-3083 | 1 Belkin | 1 F5d8236-4 V2 | 2014-09-30 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in cgi-bin/system_setting.exe in Belkin F5D8236-4 v2 allows remote attackers to hijack the authentication of administrators for requests that open the remote management interface on arbitrary ports via the remote_mgmt_enabled and remote_mgmt_port parameters. | |||||