Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Linksys Subscribe
Total 90 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-1265 1 Linksys 1 Wrt54g 2018-10-11 7.8 HIGH N/A
The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password to the FTP interface.
CVE-2008-1268 1 Linksys 1 Wrt54g 2018-10-11 10.0 HIGH N/A
The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password.
CVE-2010-2261 1 Linksys 1 Wap54gv3 2018-10-10 10.0 HIGH N/A
Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) data2 and (2) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi.
CVE-2010-1573 1 Linksys 1 Wap54gv3 2018-10-10 10.0 HIGH N/A
Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi.
CVE-2017-17411 1 Linksys 2 Wvbr0, Wvbr0 Firmware 2018-08-28 10.0 HIGH 9.8 CRITICAL
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.
CVE-2004-0580 1 Linksys 12 Befcmu10, Befn2ps4, Befsr11 and 9 more 2018-08-13 5.0 MEDIUM N/A
DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7, does not properly clear previously used buffer contents in a BOOTP reply packet, which allows remote attackers to obtain sensitive information.
CVE-2007-2270 1 Linksys 1 Spa941 2017-10-10 7.8 HIGH N/A
The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request.
CVE-2006-5202 1 Linksys 1 Wrt54g 2017-10-10 5.0 MEDIUM N/A
Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout parameters, a different issue than CVE-2006-2559.
CVE-2001-1117 1 Linksys 1 Befsr41 2017-10-09 5.0 MEDIUM N/A
LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before 1.39.3 Beta allows a remote attacker to view administration and user passwords by connecting to the router and viewing the HTML source for (1) index.htm and (2) Password.htm.
CVE-2001-0514 3 Atmel, Linksys, Netgear 3 802.11b Vnet-b Access Point, Wap11, Me102 2017-10-09 7.5 HIGH N/A
SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such as WEP keys, cause a denial of service, or gain access to the network.
CVE-2001-0888 3 Atmel, Linksys, Netgear 3 Firmware, Wap11, Me102 2017-10-09 5.0 MEDIUM N/A
Atmel Firmware 1.3 Wireless Access Point (WAP) allows remote attackers to cause a denial of service via a SNMP request with (1) a community string other than "public" or (2) an unknown OID, which causes the WAP to deny subsequent SNMP requests.
CVE-2017-10677 1 Linksys 2 Ea4500, Ea4500 Firmware 2017-08-14 6.8 MEDIUM 8.8 HIGH
Cross-Site Request Forgery (CSRF) exists on Linksys EA4500 devices with Firmware Version before 2.1.41.164606, as demonstrated by a request to apply.cgi to disable SIP.
CVE-2008-4594 2 Linksys, Marvell 2 Wap400n, 88w8361p-bem1 2017-08-07 10.0 HIGH N/A
Unspecified vulnerability in the SNMPv3 component in Linksys WAP4400N firmware 1.2.14 on the Marvell Semiconductor 88W8361P-BEM1 chipset has unknown impact and attack vectors, probably remote.
CVE-2008-2092 1 Linksys 1 Spa-2102 Phone Adapter 2017-08-07 7.8 HIGH N/A
Linksys SPA-2102 Phone Adapter 3.3.6 allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: the severity of this issue has been disputed since there are limited attack scenarios.
CVE-2007-5411 1 Linksys 1 Spa941 2017-07-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP Phone with firmware 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the From header in a SIP message.
CVE-2006-7121 1 Linksys 1 Spa921 2017-07-28 7.8 HIGH N/A
The HTTP server in Linksys SPA-921 VoIP Desktop Phone allows remote attackers to cause a denial of service (reboot) via (1) a long URL, or a long (2) username or (3) password during Basic Authentication.
CVE-2003-1497 1 Linksys 1 Befsx41 2017-07-28 6.3 MEDIUM N/A
Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 allows remote attackers to cause a denial of service via an HTTP request with a long Log_Page_Num variable.
CVE-2006-5882 2 Broadcom, Linksys 2 Bcmwl5.sys Wireless Device Driver, Wpc300n Wireless-n Notebook Adapter Driver 2017-07-19 8.3 HIGH N/A
Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver 3.50.21.10, as used in Cisco Linksys WPC300N Wireless-N Notebook Adapter before 4.100.15.5 and other products, allows remote attackers to execute arbitrary code via an 802.11 response frame containing a long SSID field.
CVE-2006-1973 1 Linksys 1 Rt31p2 2017-07-19 5.0 MEDIUM N/A
Multiple unspecified vulnerabilities in Linksys RT31P2 VoIP router allow remote attackers to cause a denial of service via malformed Session Initiation Protocol (SIP) messages.
CVE-2006-2559 1 Linksys 2 Wrt54g, Wrt54g V5 2017-07-19 7.5 HIGH N/A
Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic.