E8450
by Linksys
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-6751 | Hig | 0.57 | 8.8 | 0.01 | Jun 27, 2025 | A vulnerability, which was classified as critical, was found in Linksys E8450 up to 1.2.00.360516. This affects the function set_device_language of the file portal.cgi of the component HTTP POST Request Handler. The manipulation of the argument dut_language leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||
| CVE-2024-57542 | 0.00 | — | 0.02 | Jan 21, 2025 | Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via the field id_email_check_btn. | |||
| CVE-2024-57540 | 0.00 | — | 0.00 | Jan 21, 2025 | Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (action) is copied to the stack without length verification. | |||
| CVE-2024-57538 | 0.00 | — | 0.00 | Jan 21, 2025 | Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (anonymous_protect_status) is copied to the stack without length verification. | |||
| CVE-2024-57537 | 0.00 | — | 0.00 | Jan 21, 2025 | Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (page) is copied to the stack without length verification. | |||
| CVE-2024-57536 | 0.00 | — | 0.01 | Jan 21, 2025 | Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via wizard_status. | |||
| CVE-2024-57544 | 0.00 | — | 0.00 | Jan 21, 2025 | Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (lan_ipaddr) is copied to the stack without length verification. | |||
| CVE-2024-57543 | 0.00 | — | 0.00 | Jan 21, 2025 | Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (dhcpstart_ip) is copied to the stack without length verification. | |||
| CVE-2024-57539 | 0.00 | — | 0.06 | Jan 21, 2025 | Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via userEmail. | |||
| CVE-2024-57541 | 0.00 | — | 0.00 | Jan 21, 2025 | Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (ipv6_protect_status) is copied to the stack without length verification. | |||
| CVE-2024-57545 | 0.00 | — | 0.00 | Jan 21, 2025 | Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (hidden_dhcp_num) is copied to the stack without length verification. |
- risk 0.57cvss 8.8epss 0.01
A vulnerability, which was classified as critical, was found in Linksys E8450 up to 1.2.00.360516. This affects the function set_device_language of the file portal.cgi of the component HTTP POST Request Handler. The manipulation of the argument dut_language leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- CVE-2024-57542Jan 21, 2025risk 0.00cvss —epss 0.02
Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via the field id_email_check_btn.
- CVE-2024-57540Jan 21, 2025risk 0.00cvss —epss 0.00
Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (action) is copied to the stack without length verification.
- CVE-2024-57538Jan 21, 2025risk 0.00cvss —epss 0.00
Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (anonymous_protect_status) is copied to the stack without length verification.
- CVE-2024-57537Jan 21, 2025risk 0.00cvss —epss 0.00
Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (page) is copied to the stack without length verification.
- CVE-2024-57536Jan 21, 2025risk 0.00cvss —epss 0.01
Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via wizard_status.
- CVE-2024-57544Jan 21, 2025risk 0.00cvss —epss 0.00
Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (lan_ipaddr) is copied to the stack without length verification.
- CVE-2024-57543Jan 21, 2025risk 0.00cvss —epss 0.00
Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (dhcpstart_ip) is copied to the stack without length verification.
- CVE-2024-57539Jan 21, 2025risk 0.00cvss —epss 0.06
Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via userEmail.
- CVE-2024-57541Jan 21, 2025risk 0.00cvss —epss 0.00
Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (ipv6_protect_status) is copied to the stack without length verification.
- CVE-2024-57545Jan 21, 2025risk 0.00cvss —epss 0.00
Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (hidden_dhcp_num) is copied to the stack without length verification.