Vendor CVEs
Belkin
All CVEs
103 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-11300 | 0.00 | — | 0.01 | Oct 5, 2025 | A security flaw has been discovered in Belkin F9K1015 1.00.10. The impacted element is an unknown function of the file /goform/formWlanMP. The manipulation of the argument ateFunc results in buffer overflow. It is possible to launch the attack remotely. The exploit has been… | |||
| CVE-2025-11299 | 0.00 | — | 0.01 | Oct 5, 2025 | A vulnerability was identified in Belkin F9K1015 1.00.10. The affected element is an unknown function of the file /goform/formWanTcpipSetup. The manipulation of the argument pppUserName leads to buffer overflow. It is possible to initiate the attack remotely. The exploit is… | |||
| CVE-2025-11297 | 0.00 | — | 0.01 | Oct 5, 2025 | A vulnerability was found in Belkin F9K1015 1.00.10. This issue affects some unknown processing of the file /goform/formSetLanguage. Performing a manipulation of the argument webpage results in buffer overflow. The attack is possible to be carried out remotely. The exploit has… | |||
| CVE-2025-11296 | 0.00 | — | 0.01 | Oct 5, 2025 | A vulnerability has been found in Belkin F9K1015 1.00.10. This vulnerability affects unknown code of the file /goform/formPPTPSetup. Such manipulation of the argument pptpUserName leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed to… | |||
| CVE-2025-11295 | 0.00 | — | 0.01 | Oct 5, 2025 | A flaw has been found in Belkin F9K1015 1.00.10. This affects an unknown part of the file /goform/formPPPoESetup. This manipulation of the argument pppUserName causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.… | |||
| CVE-2025-11294 | 0.00 | — | 0.01 | Oct 5, 2025 | A vulnerability was detected in Belkin F9K1015 1.00.10. Affected by this issue is some unknown functionality of the file /goform/formL2TPSetup. The manipulation of the argument L2TPUserName results in buffer overflow. The attack may be launched remotely. The exploit is now… | |||
| CVE-2025-11293 | 0.00 | — | 0.01 | Oct 5, 2025 | A security vulnerability has been detected in Belkin F9K1015 1.00.10. Affected by this vulnerability is an unknown functionality of the file /goform/formConnectionSetting. The manipulation of the argument max_Conn leads to buffer overflow. The attack may be initiated remotely.… | |||
| CVE-2025-7094 | 0.00 | — | 0.01 | Jul 6, 2025 | A vulnerability was found in Belkin F9K1122 1.00.33. It has been rated as critical. Affected by this issue is the function formBSSetSitesurvey of the file /goform/formBSSetSitesurvey of the component webs. The manipulation of the argument submit-url-ok leads to stack-based… | |||
| CVE-2025-7093 | 0.00 | — | 0.04 | Jul 6, 2025 | A vulnerability was found in Belkin F9K1122 1.00.33. It has been declared as critical. Affected by this vulnerability is the function formSetLanguage of the file /goform/formSetLanguage of the component webs. The manipulation of the argument webpage leads to stack-based buffer… | |||
| CVE-2025-7092 | 0.00 | — | 0.04 | Jul 6, 2025 | A vulnerability has been found in Belkin F9K1122 1.00.33 and classified as critical. This vulnerability affects the function formWlanSetupWPS of the file /goform/formWlanSetupWPS of the component webs. The manipulation of the argument wps_enrolee_pin/webpage leads to stack-based… | |||
| CVE-2025-7091 | 0.00 | — | 0.05 | Jul 6, 2025 | A vulnerability was found in Belkin F9K1122 1.00.33. It has been classified as critical. Affected is the function formWlanMP of the file /goform/formWlanMP of the component webs. The manipulation of the argument ateFunc/ateGain/ateTxCount/ateChan/ateRate/ateMacID/e2pTxPower1/e2pT… | |||
| CVE-2025-7090 | 0.00 | — | 0.04 | Jul 6, 2025 | A vulnerability, which was classified as critical, has been found in Belkin F9K1122 1.00.33. Affected by this issue is the function formConnectionSetting of the file /goform/formConnectionSetting of the component webs. The manipulation of the argument max_Conn/timeOut leads to… | |||
| CVE-2025-7089 | 0.00 | — | 0.04 | Jul 6, 2025 | A vulnerability was found in Belkin F9K1122 1.00.33 and classified as critical. This issue affects the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component webs. The manipulation of the argument pppUserName leads to stack-based buffer overflow. The… | |||
| CVE-2025-7088 | 0.00 | — | 0.09 | Jul 6, 2025 | A vulnerability, which was classified as critical, was found in Belkin F9K1122 1.00.33. This affects the function formPPPoESetup of the file /goform/formPPPoESetup of the component webs. The manipulation of the argument pppUserName leads to stack-based buffer overflow. It is… | |||
| CVE-2025-7087 | 0.00 | — | 0.09 | Jul 6, 2025 | A vulnerability classified as critical was found in Belkin F9K1122 1.00.33. Affected by this vulnerability is the function formL2TPSetup of the file /goform/formL2TPSetup of the component webs. The manipulation of the argument L2TPUserName leads to stack-based buffer overflow.… | |||
| CVE-2025-7086 | 0.00 | — | 0.04 | Jul 6, 2025 | A vulnerability classified as critical has been found in Belkin F9K1122 1.00.33. Affected is the function formPPTPSetup of the file /goform/formPPTPSetup of the component webs. The manipulation of the argument pptpUserName leads to stack-based buffer overflow. It is possible to… | |||
| CVE-2025-7085 | 0.00 | — | 0.01 | Jul 6, 2025 | A vulnerability was found in Belkin F9K1122 1.00.33. It has been rated as critical. This issue affects the function formiNICWpsStart of the file /goform/formiNICWpsStart of the component webs. The manipulation of the argument pinCode leads to stack-based buffer overflow. The… | |||
| CVE-2025-7084 | 0.00 | — | 0.01 | Jul 6, 2025 | A vulnerability was found in Belkin F9K1122 1.00.33. It has been declared as critical. This vulnerability affects the function formWpsStart of the file /goform/formWpsStart of the component webs. The manipulation of the argument pinCode leads to stack-based buffer overflow. The… | |||
| CVE-2024-45698 | 0.00 | — | 0.01 | Sep 16, 2024 | Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device. | |||
| CVE-2024-45697 | 0.00 | — | 0.01 | Sep 16, 2024 | Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials. | |||
| CVE-2024-36789 | 0.00 | — | 0.00 | Jun 7, 2024 | An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards. | |||
| CVE-2023-33768 | 0.00 | — | 0.01 | Jul 13, 2023 | Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin Wemo Smart Plug WSP080 v1.2 allows attackers to cause a Denial of Service (DoS) via a crafted firmware file. | |||
| CVE-2023-27217 | 0.00 | — | 0.01 | May 18, 2023 | A stack-based buffer overflow in the ChangeFriendlyName() function of Belkin Smart Outlet V2 F7c063 firmware_2.00.11420.OWRT.PVT_SNSV2 allows attackers to cause a Denial of Service (DoS) via a crafted UPNP request. | |||
| CVE-2022-45768 | 0.00 | — | 0.29 | Feb 7, 2023 | Command Injection vulnerability in Edimax Technology Co., Ltd. Wireless Router N300 Firmware BR428nS v3 allows attacker to execute arbitrary code via the formWlanMP function. | |||
| CVE-2020-26561 | 0.00 | — | 0.12 | Oct 23, 2020 | Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. Successful exploitation leads to arbitrary code execution. NOTE: This vulnerability only affects products that are no longer… | |||
| CVE-2013-7173 | 0.00 | — | 0.02 | Feb 13, 2020 | Belkin n750 routers have a buffer overflow. | |||
| CVE-2013-3091 | 0.00 | — | 0.04 | Feb 7, 2020 | An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication using "Javascript debugging." | |||
| CVE-2019-17094 | 0.00 | — | 0.01 | Jan 27, 2020 | A Stack-based Buffer Overflow vulnerability in libbelkin_api.so component of Belkin WeMo Insight Switch firmware allows a local attacker to obtain code execution on the device. This issue affects: Belkin WeMo Insight Switch firmware version 2.00.11396 and prior versions. | |||
| CVE-2013-3088 | 0.00 | — | 0.02 | Dec 26, 2019 | Belkin N900 router (F9K1104v1) contains an Authentication Bypass using "Javascript debugging". | |||
| CVE-2013-3085 | 0.00 | — | 0.02 | Dec 26, 2019 | An authentication bypass exists in the web management interface in Belkin F5D8236-4 v2. | |||
| CVE-2013-4655 | 0.00 | — | 0.02 | Nov 13, 2019 | Symlink Traversal vulnerability in Belkin N900 due to misconfiguration in the SMB service. | |||
| CVE-2019-17532 | 0.00 | — | 0.02 | Oct 12, 2019 | An issue was discovered on Belkin Wemo Switch 28B WW_2.00.11057.PVT-OWRT-SNS devices. They allow remote attackers to cause a denial of service (persistent rules-processing outage) via a crafted ruleDbBody element in a StoreRules request to the upnp/control/rules1 URI, because… | |||
| CVE-2015-5536 | 0.00 | — | 0.03 | Aug 13, 2015 | Belkin N300 Dual-Band Wi-Fi Range Extender with firmware before 1.04.10 allows remote authenticated users to execute arbitrary commands via the (1) sub_dir parameter in a formUSBStorage request; pinCode parameter in a (2) formWpsStart or (3) formiNICWpsStart request; (4)… | |||
| CVE-2013-3092 | 0.00 | — | 0.02 | Sep 29, 2014 | The Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication and gain privileges via vectors related to incorrect validation of the HTTP Authorization header. | |||
| CVE-2013-3089 | 0.00 | — | 0.01 | Sep 29, 2014 | Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin N300 (F7D7301v1) router allows remote attackers to hijack the authentication of administrators for requests that modify configuration. | |||
| CVE-2013-3086 | 0.00 | — | 0.01 | Sep 29, 2014 | Cross-site request forgery (CSRF) vulnerability in util_system.html in Belkin N900 router allows remote attackers to hijack the authentication of administrators for requests that change configuration settings including passwords and remote management ports. | |||
| CVE-2013-6952 | 0.00 | — | 0.04 | Feb 22, 2014 | The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data. | |||
| CVE-2013-6951 | 0.00 | — | 0.01 | Feb 22, 2014 | The Belkin WeMo Home Automation firmware before 3949 does not maintain a set of Certification Authority public keys, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary X.509 certificate. | |||
| CVE-2013-6950 | 0.00 | — | 0.01 | Feb 22, 2014 | The Belkin WeMo Home Automation firmware before 3949 does not use SSL for the distribution feed, which allows man-in-the-middle attackers to install arbitrary firmware by spoofing a distribution server. | |||
| CVE-2013-6949 | 0.00 | — | 0.02 | Feb 22, 2014 | The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact by leveraging access to a single WeMo device. | |||
| CVE-2013-6948 | 0.00 | — | 0.02 | Feb 22, 2014 | The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||
| CVE-2013-3090 | 0.00 | — | 0.01 | Jan 30, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in Belkin N300 router allow remote attackers to inject arbitrary web script or HTML via the Guest Access PSK field to wireless_guest2_print.stm or other unspecified vectors. | |||
| CVE-2013-3087 | 0.00 | — | 0.01 | Jan 30, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in Belkin N900 router allow remote attackers to inject arbitrary web script or HTML via the (1) ssid2 parameter to wl_channel.html or (2) guest_psk parameter to wl_guest.html. | |||
| CVE-2013-3084 | 0.00 | — | 0.01 | Jan 30, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in Belkin Model F5D8236-4 v2 router allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-6371 | 0.00 | — | 0.01 | Dec 31, 2012 | The WPA2 implementation on the Belkin N900 F9K1104v1 router establishes a WPS PIN based on 6 digits of the LAN/WLAN MAC address, which makes it easier for remote attackers to obtain access to a Wi-Fi network by reading broadcast packets, a different vulnerability than… | |||
| CVE-2007-6040 | 0.00 | — | 0.01 | Nov 20, 2007 | The Belkin F5D7230-4 Wireless G Router allows remote attackers to cause a denial of service (degraded networking and logging) via a flood of TCP SYN packets, a related issue to CVE-1999-0116. | |||
| CVE-2007-3784 | 0.00 | — | 0.01 | Jul 15, 2007 | Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router F5D7231-4 with firmware 4.05.03 allows remote attackers to inject arbitrary web script or HTML via a hostname of a DHCP client. | |||
| CVE-2005-3802 | 0.00 | — | 0.02 | Nov 24, 2005 | Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03 and 4.05.03, when a legitimate administrator is logged into the web management interface, allow remote attackers to access the management interface without authentication. | |||
| CVE-2005-2374 | 0.00 | — | 0.02 | Jul 26, 2005 | Belkin 54g wireless routers do not properly set an administrative password, which allows remote attackers to gain access via the (1) Telnet or (2) web administration interfaces. | |||
| CVE-2005-0834 | 0.00 | — | 0.01 | May 2, 2005 | Belkin 54G (F5D7130) wireless router enables SNMP by default in a manner that allows remote attackers to obtain sensitive information. |
- CVE-2025-11300Oct 5, 2025risk 0.00cvss —epss 0.01
A security flaw has been discovered in Belkin F9K1015 1.00.10. The impacted element is an unknown function of the file /goform/formWlanMP. The manipulation of the argument ateFunc results in buffer overflow. It is possible to launch the attack remotely. The exploit has been…
- CVE-2025-11299Oct 5, 2025risk 0.00cvss —epss 0.01
A vulnerability was identified in Belkin F9K1015 1.00.10. The affected element is an unknown function of the file /goform/formWanTcpipSetup. The manipulation of the argument pppUserName leads to buffer overflow. It is possible to initiate the attack remotely. The exploit is…
- CVE-2025-11297Oct 5, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in Belkin F9K1015 1.00.10. This issue affects some unknown processing of the file /goform/formSetLanguage. Performing a manipulation of the argument webpage results in buffer overflow. The attack is possible to be carried out remotely. The exploit has…
- CVE-2025-11296Oct 5, 2025risk 0.00cvss —epss 0.01
A vulnerability has been found in Belkin F9K1015 1.00.10. This vulnerability affects unknown code of the file /goform/formPPTPSetup. Such manipulation of the argument pptpUserName leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed to…
- CVE-2025-11295Oct 5, 2025risk 0.00cvss —epss 0.01
A flaw has been found in Belkin F9K1015 1.00.10. This affects an unknown part of the file /goform/formPPPoESetup. This manipulation of the argument pppUserName causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.…
- CVE-2025-11294Oct 5, 2025risk 0.00cvss —epss 0.01
A vulnerability was detected in Belkin F9K1015 1.00.10. Affected by this issue is some unknown functionality of the file /goform/formL2TPSetup. The manipulation of the argument L2TPUserName results in buffer overflow. The attack may be launched remotely. The exploit is now…
- CVE-2025-11293Oct 5, 2025risk 0.00cvss —epss 0.01
A security vulnerability has been detected in Belkin F9K1015 1.00.10. Affected by this vulnerability is an unknown functionality of the file /goform/formConnectionSetting. The manipulation of the argument max_Conn leads to buffer overflow. The attack may be initiated remotely.…
- CVE-2025-7094Jul 6, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in Belkin F9K1122 1.00.33. It has been rated as critical. Affected by this issue is the function formBSSetSitesurvey of the file /goform/formBSSetSitesurvey of the component webs. The manipulation of the argument submit-url-ok leads to stack-based…
- CVE-2025-7093Jul 6, 2025risk 0.00cvss —epss 0.04
A vulnerability was found in Belkin F9K1122 1.00.33. It has been declared as critical. Affected by this vulnerability is the function formSetLanguage of the file /goform/formSetLanguage of the component webs. The manipulation of the argument webpage leads to stack-based buffer…
- CVE-2025-7092Jul 6, 2025risk 0.00cvss —epss 0.04
A vulnerability has been found in Belkin F9K1122 1.00.33 and classified as critical. This vulnerability affects the function formWlanSetupWPS of the file /goform/formWlanSetupWPS of the component webs. The manipulation of the argument wps_enrolee_pin/webpage leads to stack-based…
- CVE-2025-7091Jul 6, 2025risk 0.00cvss —epss 0.05
A vulnerability was found in Belkin F9K1122 1.00.33. It has been classified as critical. Affected is the function formWlanMP of the file /goform/formWlanMP of the component webs. The manipulation of the argument ateFunc/ateGain/ateTxCount/ateChan/ateRate/ateMacID/e2pTxPower1/e2pT…
- CVE-2025-7090Jul 6, 2025risk 0.00cvss —epss 0.04
A vulnerability, which was classified as critical, has been found in Belkin F9K1122 1.00.33. Affected by this issue is the function formConnectionSetting of the file /goform/formConnectionSetting of the component webs. The manipulation of the argument max_Conn/timeOut leads to…
- CVE-2025-7089Jul 6, 2025risk 0.00cvss —epss 0.04
A vulnerability was found in Belkin F9K1122 1.00.33 and classified as critical. This issue affects the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component webs. The manipulation of the argument pppUserName leads to stack-based buffer overflow. The…
- CVE-2025-7088Jul 6, 2025risk 0.00cvss —epss 0.09
A vulnerability, which was classified as critical, was found in Belkin F9K1122 1.00.33. This affects the function formPPPoESetup of the file /goform/formPPPoESetup of the component webs. The manipulation of the argument pppUserName leads to stack-based buffer overflow. It is…
- CVE-2025-7087Jul 6, 2025risk 0.00cvss —epss 0.09
A vulnerability classified as critical was found in Belkin F9K1122 1.00.33. Affected by this vulnerability is the function formL2TPSetup of the file /goform/formL2TPSetup of the component webs. The manipulation of the argument L2TPUserName leads to stack-based buffer overflow.…
- CVE-2025-7086Jul 6, 2025risk 0.00cvss —epss 0.04
A vulnerability classified as critical has been found in Belkin F9K1122 1.00.33. Affected is the function formPPTPSetup of the file /goform/formPPTPSetup of the component webs. The manipulation of the argument pptpUserName leads to stack-based buffer overflow. It is possible to…
- CVE-2025-7085Jul 6, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in Belkin F9K1122 1.00.33. It has been rated as critical. This issue affects the function formiNICWpsStart of the file /goform/formiNICWpsStart of the component webs. The manipulation of the argument pinCode leads to stack-based buffer overflow. The…
- CVE-2025-7084Jul 6, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in Belkin F9K1122 1.00.33. It has been declared as critical. This vulnerability affects the function formWpsStart of the file /goform/formWpsStart of the component webs. The manipulation of the argument pinCode leads to stack-based buffer overflow. The…
- CVE-2024-45698Sep 16, 2024risk 0.00cvss —epss 0.01
Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device.
- CVE-2024-45697Sep 16, 2024risk 0.00cvss —epss 0.01
Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials.
- CVE-2024-36789Jun 7, 2024risk 0.00cvss —epss 0.00
An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards.
- CVE-2023-33768Jul 13, 2023risk 0.00cvss —epss 0.01
Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin Wemo Smart Plug WSP080 v1.2 allows attackers to cause a Denial of Service (DoS) via a crafted firmware file.
- CVE-2023-27217May 18, 2023risk 0.00cvss —epss 0.01
A stack-based buffer overflow in the ChangeFriendlyName() function of Belkin Smart Outlet V2 F7c063 firmware_2.00.11420.OWRT.PVT_SNSV2 allows attackers to cause a Denial of Service (DoS) via a crafted UPNP request.
- CVE-2022-45768Feb 7, 2023risk 0.00cvss —epss 0.29
Command Injection vulnerability in Edimax Technology Co., Ltd. Wireless Router N300 Firmware BR428nS v3 allows attacker to execute arbitrary code via the formWlanMP function.
- CVE-2020-26561Oct 23, 2020risk 0.00cvss —epss 0.12
Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. Successful exploitation leads to arbitrary code execution. NOTE: This vulnerability only affects products that are no longer…
- CVE-2013-7173Feb 13, 2020risk 0.00cvss —epss 0.02
Belkin n750 routers have a buffer overflow.
- CVE-2013-3091Feb 7, 2020risk 0.00cvss —epss 0.04
An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication using "Javascript debugging."
- CVE-2019-17094Jan 27, 2020risk 0.00cvss —epss 0.01
A Stack-based Buffer Overflow vulnerability in libbelkin_api.so component of Belkin WeMo Insight Switch firmware allows a local attacker to obtain code execution on the device. This issue affects: Belkin WeMo Insight Switch firmware version 2.00.11396 and prior versions.
- CVE-2013-3088Dec 26, 2019risk 0.00cvss —epss 0.02
Belkin N900 router (F9K1104v1) contains an Authentication Bypass using "Javascript debugging".
- CVE-2013-3085Dec 26, 2019risk 0.00cvss —epss 0.02
An authentication bypass exists in the web management interface in Belkin F5D8236-4 v2.
- CVE-2013-4655Nov 13, 2019risk 0.00cvss —epss 0.02
Symlink Traversal vulnerability in Belkin N900 due to misconfiguration in the SMB service.
- CVE-2019-17532Oct 12, 2019risk 0.00cvss —epss 0.02
An issue was discovered on Belkin Wemo Switch 28B WW_2.00.11057.PVT-OWRT-SNS devices. They allow remote attackers to cause a denial of service (persistent rules-processing outage) via a crafted ruleDbBody element in a StoreRules request to the upnp/control/rules1 URI, because…
- CVE-2015-5536Aug 13, 2015risk 0.00cvss —epss 0.03
Belkin N300 Dual-Band Wi-Fi Range Extender with firmware before 1.04.10 allows remote authenticated users to execute arbitrary commands via the (1) sub_dir parameter in a formUSBStorage request; pinCode parameter in a (2) formWpsStart or (3) formiNICWpsStart request; (4)…
- CVE-2013-3092Sep 29, 2014risk 0.00cvss —epss 0.02
The Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication and gain privileges via vectors related to incorrect validation of the HTTP Authorization header.
- CVE-2013-3089Sep 29, 2014risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin N300 (F7D7301v1) router allows remote attackers to hijack the authentication of administrators for requests that modify configuration.
- CVE-2013-3086Sep 29, 2014risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in util_system.html in Belkin N900 router allows remote attackers to hijack the authentication of administrators for requests that change configuration settings including passwords and remote management ports.
- CVE-2013-6952Feb 22, 2014risk 0.00cvss —epss 0.04
The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data.
- CVE-2013-6951Feb 22, 2014risk 0.00cvss —epss 0.01
The Belkin WeMo Home Automation firmware before 3949 does not maintain a set of Certification Authority public keys, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary X.509 certificate.
- CVE-2013-6950Feb 22, 2014risk 0.00cvss —epss 0.01
The Belkin WeMo Home Automation firmware before 3949 does not use SSL for the distribution feed, which allows man-in-the-middle attackers to install arbitrary firmware by spoofing a distribution server.
- CVE-2013-6949Feb 22, 2014risk 0.00cvss —epss 0.02
The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact by leveraging access to a single WeMo device.
- CVE-2013-6948Feb 22, 2014risk 0.00cvss —epss 0.02
The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
- CVE-2013-3090Jan 30, 2014risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Belkin N300 router allow remote attackers to inject arbitrary web script or HTML via the Guest Access PSK field to wireless_guest2_print.stm or other unspecified vectors.
- CVE-2013-3087Jan 30, 2014risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Belkin N900 router allow remote attackers to inject arbitrary web script or HTML via the (1) ssid2 parameter to wl_channel.html or (2) guest_psk parameter to wl_guest.html.
- CVE-2013-3084Jan 30, 2014risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Belkin Model F5D8236-4 v2 router allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2012-6371Dec 31, 2012risk 0.00cvss —epss 0.01
The WPA2 implementation on the Belkin N900 F9K1104v1 router establishes a WPS PIN based on 6 digits of the LAN/WLAN MAC address, which makes it easier for remote attackers to obtain access to a Wi-Fi network by reading broadcast packets, a different vulnerability than…
- CVE-2007-6040Nov 20, 2007risk 0.00cvss —epss 0.01
The Belkin F5D7230-4 Wireless G Router allows remote attackers to cause a denial of service (degraded networking and logging) via a flood of TCP SYN packets, a related issue to CVE-1999-0116.
- CVE-2007-3784Jul 15, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router F5D7231-4 with firmware 4.05.03 allows remote attackers to inject arbitrary web script or HTML via a hostname of a DHCP client.
- CVE-2005-3802Nov 24, 2005risk 0.00cvss —epss 0.02
Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03 and 4.05.03, when a legitimate administrator is logged into the web management interface, allow remote attackers to access the management interface without authentication.
- CVE-2005-2374Jul 26, 2005risk 0.00cvss —epss 0.02
Belkin 54g wireless routers do not properly set an administrative password, which allows remote attackers to gain access via the (1) Telnet or (2) web administration interfaces.
- CVE-2005-0834May 2, 2005risk 0.00cvss —epss 0.01
Belkin 54G (F5D7130) wireless router enables SNMP by default in a manner that allows remote attackers to obtain sensitive information.
Page 2 of 3