VYPR

Vendor CVEs

Belkin

All CVEs

103 total · sorted by risk
  • CVE-2025-8730CriAug 8, 2025
    risk 0.70cvss 9.8epss 0.03

    A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-coded credentials. The attack may be launched remotely. The…

  • CVE-2009-20009CriAug 30, 2025
    risk 0.68cvss epss 0.02

    Belkin Bulldog Plus version 4.0.2 build 1219 contains a stack-based buffer overflow vulnerability in its web service authentication handler. When a specially crafted HTTP request is sent with an oversized Authorization header, the application fails to properly validate the input…

  • CVE-2018-1143CriApr 19, 2018
    risk 0.68cvss 9.8epss 0.55

    A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to twonky_command.cgi.

  • CVE-2018-1145CriApr 19, 2018
    risk 0.66cvss 9.8epss 0.25

    A remote unauthenticated user can overflow a stack buffer in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi.

  • CVE-2018-6692CriAug 21, 2018
    risk 0.65cvss 10.0epss 0.04

    Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin Wemo Insight Smart Plug allows remote attackers to bypass local security protection via a crafted HTTP post packet.

  • CVE-2018-1144CriApr 19, 2018
    risk 0.64cvss 9.8epss 0.07

    A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi.

  • CVE-2015-5989CriDec 31, 2015
    risk 0.64cvss 9.8epss 0.03

    Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values.

  • CVE-2015-5988CriDec 31, 2015
    risk 0.64cvss 9.8epss 0.03

    The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.

  • CVE-2026-5629HigApr 6, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was detected in Belkin F9K1015 1.00.10. The affected element is the function formSetFirewall of the file /goform/formSetFirewall. The manipulation of the argument webpage results in stack-based buffer overflow. The attack can be executed remotely. The exploit is…

  • CVE-2026-5628HigApr 6, 2026
    risk 0.57cvss 8.8epss 0.01

    A security vulnerability has been detected in Belkin F9K1015 1.00.10. Impacted is the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. The manipulation of the argument webpage leads to stack-based buffer overflow. Remote…

  • CVE-2026-5614HigApr 6, 2026
    risk 0.57cvss 8.8epss 0.01

    A security flaw has been discovered in Belkin F9K1015 1.00.10. Impacted is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been…

  • CVE-2026-5613HigApr 6, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was identified in Belkin F9K1015 1.00.10. This issue affects the function formReboot of the file /goform/formReboot. The manipulation of the argument webpage leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly…

  • CVE-2026-5612HigApr 6, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was determined in Belkin F9K1015 1.00.10. This vulnerability affects the function formWlEncrypt of the file /goform/formWlEncrypt. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The…

  • CVE-2026-5611HigApr 6, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in Belkin F9K1015 1.00.10. This affects the function formCrossBandSwitch of the file /goform/formCrossBandSwitch. Performing a manipulation of the argument webpage results in stack-based buffer overflow. The attack can be initiated remotely. The exploit…

  • CVE-2026-5610HigApr 6, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been found in Belkin F9K1015 1.00.10. Affected by this issue is the function formWISP5G of the file /goform/formWISP5G. Such manipulation of the argument webpage leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit…

  • CVE-2026-5608HigApr 6, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was detected in Belkin F9K1122 1.00.33. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public…

  • CVE-2026-4566HigMar 23, 2026
    risk 0.57cvss 8.8epss 0.01

    A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the function formWISP5G of the file /goform/formWISP5G. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been…

  • CVE-2026-4167HigMar 16, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the function formReboot of the file /goform/formReboot. This manipulation of the argument webpage causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly…

  • CVE-2015-5990HigDec 31, 2015
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users.

  • CVE-2015-5987HigDec 31, 2015
    risk 0.56cvss 8.6epss 0.01

    Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value.

  • CVE-2018-1146HigApr 19, 2018
    risk 0.51cvss 7.5epss 0.29

    A remote unauthenticated user can enable telnet on the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to set.cgi. When enabled the telnet session requires no password and provides root access.

  • CVE-2026-36959HigApr 30, 2026
    risk 0.49cvss 7.5epss 0.00

    U-SPEED N300 router V1.0.0 does not implement rate limiting or account lockout protections on the /api/login endpoint. This allows an attacker on the local network to perform unlimited authentication attempts, enabling brute-force attacks against the administrator account and…

  • CVE-2026-36958HigApr 30, 2026
    risk 0.49cvss 7.5epss 0.00

    A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP…

  • CVE-2025-7083MedJul 6, 2025
    risk 0.42cvss 6.3epss 0.38

    A vulnerability was found in Belkin F9K1122 1.00.33. It has been classified as critical. This affects the function mp of the file /goform/mp of the component webs. The manipulation of the argument command leads to os command injection. It is possible to initiate the attack…

  • CVE-2025-7082MedJul 6, 2025
    risk 0.42cvss 6.3epss 0.13

    A vulnerability was found in Belkin F9K1122 1.00.33 and classified as critical. Affected by this issue is the function formBSSetSitesurvey of the file /goform/formBSSetSitesurvey of the component webs. The manipulation of the argument wan_ipaddr/wan_netmask/wan_gateway/wl_ssid…

  • CVE-2025-7081MedJul 6, 2025
    risk 0.42cvss 6.3epss 0.15

    A vulnerability has been found in Belkin F9K1122 1.00.33 and classified as critical. Affected by this vulnerability is the function formSetWanStatic of the file /goform/formSetWanStatic of the component webs. The manipulation of the argument…

  • CVE-2025-11303MedOct 5, 2025
    risk 0.41cvss 6.3epss 0.07

    A vulnerability was detected in Belkin F9K1015 1.00.10. Affected is an unknown function of the file /goform/mp. Performing a manipulation of the argument command results in command injection. The attack may be initiated remotely. The exploit is now public and may be used. The…

  • CVE-2025-11298MedOct 5, 2025
    risk 0.41cvss 6.3epss 0.07

    A vulnerability was determined in Belkin F9K1015 1.00.10. Impacted is an unknown function of the file /goform/formSetWanStatic. Executing a manipulation of the argument m_wan_ipaddr can lead to command injection. The attack may be performed from remote. The exploit has been…

  • CVE-2025-11292MedOct 5, 2025
    risk 0.41cvss 6.3epss 0.07

    A weakness has been identified in Belkin F9K1015 1.00.10. Affected is an unknown function of the file /goform/formBSSetSitesurvey. Executing a manipulation of the argument wan_ipaddr can lead to command injection. The attack can be launched remotely. The exploit has been made…

  • CVE-2019-12780Jun 10, 2019
    risk 0.10cvss epss 0.72

    The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A simple POST request to /upnp/control/basicevent1 can allow an attacker to execute commands without authentication.

  • CVE-2014-1635Nov 12, 2014
    risk 0.08cvss epss 0.67

    Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote attackers to execute arbitrary code via a long string in the jump parameter.

  • CVE-2013-2748Jan 28, 2020
    risk 0.07cvss epss 0.13

    Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote attackers to upload arbitrary files onto the system.

  • CVE-2014-2962Jun 19, 2014
    risk 0.07cvss epss 0.47

    Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.

  • CVE-2002-1811Dec 31, 2002
    risk 0.04cvss epss 0.07

    Belkin F5D6130 Wireless Network Access Point running firmware AP14G8 allows remote attackers to cause a denial of service (connection loss) by sending several SNMP GetNextRequest requests.

  • CVE-2013-3083Sep 29, 2014
    risk 0.03cvss epss 0.02

    Cross-site request forgery (CSRF) vulnerability in cgi-bin/system_setting.exe in Belkin F5D8236-4 v2 allows remote attackers to hijack the authentication of administrators for requests that open the remote management interface on arbitrary ports via the remote_mgmt_enabled and…

  • CVE-2012-4366Nov 20, 2012
    risk 0.03cvss epss 0.05

    Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model F9K1104v1, N450 Model F9K1105V2, and N300 Model F7D2301v1 generate a predictable default WPA2-PSK passphrase based on eight digits of the WAN MAC address, which allows remote attackers to access the network by…

  • CVE-2008-7115Aug 28, 2009
    risk 0.03cvss epss 0.04

    The web interface to the Belkin Wireless G router and ADSL2 modem F5D7632-4V6 with firmware 6.01.08 allows remote attackers to bypass authentication and gain administrator privileges via a direct request to (1) statusprocess.exe, (2) system_all.exe, or (3) restore.exe in…

  • CVE-2008-1244Mar 10, 2008
    risk 0.03cvss epss 0.05

    cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and dns1_4 parameters. NOTE: it…

  • CVE-2008-1242Mar 10, 2008
    risk 0.03cvss epss 0.04

    The control panel on the Belkin F5D7230-4 router with firmware 9.01.10 maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user, a different…

  • CVE-2008-1245Mar 10, 2008
    risk 0.03cvss epss 0.03

    cgi-bin/setup_virtualserver.exe on the Belkin F5D7230-4 router with firmware 9.01.10 allows remote attackers to cause a denial of service (control center outage) via an HTTP request with invalid POST data and a "Connection: Keep-Alive" header.

  • CVE-2008-0403Jan 23, 2008
    risk 0.03cvss epss 0.03

    The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does not require authentication for SaveCfgFile.cgi, which allows remote attackers to read and modify configuration via a direct request to SaveCfgFile.cgi.

  • CVE-2005-4417Dec 20, 2005
    risk 0.03cvss epss 0.05

    The default configuration of Widcomm Bluetooth for Windows (BTW) 4.0.1.1500 and earlier, as installed on Belkin Bluetooth Software 1.4.2 Build 10 and ANYCOM Blue USB-130-250 Software 4.0.1.1500, and possibly other devices, sets null Authentication and Authorization values, which…

  • CVE-2022-30105May 18, 2022
    risk 0.01cvss epss 0.03

    In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible before and after configuring the device, exhibits multiple remote command injection vulnerabilities. The following parameters in the [form name] form; [list vulnerable parameters],…

  • CVE-2026-5044Mar 29, 2026
    risk 0.00cvss epss 0.01

    A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affects the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. Such manipulation of the argument webpage leads to stack-based buffer overflow. The…

  • CVE-2026-5043Mar 29, 2026
    risk 0.00cvss epss 0.01

    A weakness has been identified in Belkin F9K1122 1.00.33. The impacted element is the function formSetPassword of the file /goform/formSetPassword of the component Parameter Handler. This manipulation of the argument webpage causes stack-based buffer overflow. Remote…

  • CVE-2026-5042Mar 29, 2026
    risk 0.00cvss epss 0.01

    A security flaw has been discovered in Belkin F9K1122 1.00.33. The affected element is the function formCrossBandSwitch of the file /goform/formCrossBandSwitch of the component Parameter Handler. The manipulation of the argument webpage results in stack-based buffer overflow.…

  • CVE-2026-27512Feb 23, 2026
    risk 0.00cvss epss 0.00

    Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced content that can be reflected into the…

  • CVE-2026-27511Feb 23, 2026
    risk 0.00cvss epss 0.00

    Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe…

  • CVE-2025-11302Oct 5, 2025
    risk 0.00cvss epss 0.01

    A security vulnerability has been detected in Belkin F9K1015 1.00.10. This impacts an unknown function of the file /goform/formWpsStart. Such manipulation of the argument pinCode leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed…

  • CVE-2025-11301Oct 5, 2025
    risk 0.00cvss epss 0.01

    A weakness has been identified in Belkin F9K1015 1.00.10. This affects an unknown function of the file /goform/formWlanSetupWPS. This manipulation of the argument webpage causes buffer overflow. The attack can be initiated remotely. The exploit has been made available to the…

Page 1 of 3