VYPR

Velop

by Linksys

CVEs (2)

  • CVE-2018-17208HigSep 19, 2018
    risk 0.57cvss 8.8epss 0.03

    Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface). This…

  • CVE-2019-16340Nov 21, 2019
    risk 0.00cvss epss 0.19

    Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI.