Linksys

All CVEs

234 total · sorted by risk
  • CVE-2017-17411 · Critical · Dec 21, 2017
    risk 0.74 · cvss 9.8 · epss 0.88

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper…

  • CVE-2010-1573 · Critical · Jun 10, 2010
    risk 0.65 · cvss 9.8 · epss 0.21

    Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3) data3 parameters to (a)…

  • CVE-2013-10058 · High · Aug 1, 2025
    risk 0.64 · cvss n/a · epss 0.03

    An authenticated OS command injection vulnerability exists in various Linksys router models (tested on WRT160Nv2) running firmware version v2.0.03 via the apply.cgi endpoint. The web interface fails to properly sanitize user-supplied input passed to the ping_size parameter…

  • CVE-2026-4558 · High · Mar 22, 2026
    risk 0.57 · cvss 8.8 · epss 0.04

    A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command injection. The attack may be…

  • CVE-2013-3307 · High · Jul 11, 2025
    risk 0.57 · cvss 8.3 · epss 0.06

    Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 allow OS command injection via shell metacharacters in the apply.cgi ping_ip parameter on TCP port 52000.

  • CVE-2025-6752 · High · Jun 27, 2025
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability has been found in Linksys WRT1900ACS, EA7200, EA7450 and EA7500 up to 20250619 and classified as critical. This vulnerability affects the function SetDefaultConnectionService of the file /upnp/control/Layer3Forwarding of the component IGD. The manipulation of the…

  • CVE-2025-6751 · High · Jun 27, 2025
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability, which was classified as critical, was found in Linksys E8450 up to 1.2.00.360516. This affects the function set_device_language of the file portal.cgi of the component HTTP POST Request Handler. The manipulation of the argument dut_language leads to buffer…

  • CVE-2018-17208 · High · Sep 19, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface). This…

  • CVE-2017-10677 · High · Aug 6, 2017
    risk 0.57 · cvss 8.8 · epss 0.00

    Cross-Site Request Forgery (CSRF) exists on Linksys EA4500 devices with Firmware Version before 2.1.41.164606, as demonstrated by a request to apply.cgi to disable SIP.

  • CVE-2013-10062 · Medium · Aug 1, 2025
    risk 0.53 · cvss n/a · epss 0.01

    A directory traversal vulnerability exists in Linksys router's web interface (tested on the E1500 model firmware versions 1.0.00, 1.0.04, and 1.0.05), specifically in the /apply.cgi endpoint. Authenticated attackers can exploit the next_page POST parameter to access arbitrary…

  • CVE-2008-4390 · High · Dec 9, 2008
    risk 0.49 · cvss 7.5 · epss 0.03

    The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by sniffing the network.

  • CVE-2026-6992 · High · Apr 25, 2026
    risk 0.47 · cvss 7.2 · epss 0.06

    A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/run_central2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack…

  • CVE-2014-125122 · Medium · Jul 31, 2025
    risk 0.42 · cvss n/a · epss 0.01

    A stack-based buffer overflow vulnerability exists in the tmUnblock.cgi endpoint of the Linksys WRT120N wireless router. The vulnerability is triggered by sending a specially crafted HTTP POST request with an overly long TM_Block_URL parameter to the endpoint. By exploiting this…

  • CVE-2025-9575 · Medium · Aug 28, 2025
    risk 0.41 · cvss 6.3 · epss 0.08

    A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function cgiMain of the file /cgi-bin/upload.cgi. Executing manipulation of the argument filename can lead…

  • CVE-2025-9244 · Medium · Aug 20, 2025
    risk 0.41 · cvss 6.3 · epss 0.08

    A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaticRoute of the file /goform/addStaticRoute. Such manipulation of the…

  • CVE-2025-8830 · Medium · Aug 11, 2025
    risk 0.41 · cvss 6.3 · epss 0.08

    A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function sub_3517C of the file /goform/setWan. The manipulation of the argument Hostname leads to os command injection. The attack may be…

  • CVE-2025-8829 · Medium · Aug 11, 2025
    risk 0.41 · cvss 6.3 · epss 0.08

    A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function um_red of the file /goform/RP_setBasicAuto. The manipulation of the argument hname leads to os command injection. The attack…

  • CVE-2025-8828 · Medium · Aug 11, 2025
    risk 0.41 · cvss 6.3 · epss 0.08

    A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function ipv6cmd of the file /goform/setIpv6. The manipulation of the argument Ipv6PriDns/Ipv6SecDns/Ipv6StaticGateway/LanIpv6Addr/LanPrefixLen/pppoeUser/pp…

  • CVE-2025-8827 · Medium · Aug 11, 2025
    risk 0.41 · cvss 6.3 · epss 0.08

    A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function um_inspect_cross_band of the file /goform/RP_setBasicAuto. The manipulation of the argument staticGateway leads to os command injection. The…

  • CVE-2025-8825 · Medium · Aug 11, 2025
    risk 0.41 · cvss 6.3 · epss 0.08

    A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function RP_setBasicAuto of the file /goform/RP_setBasicAuto. The manipulation of the argument staticIp/staticNetmask leads to os command injection. It is…

  • CVE-2025-8823 · Medium · Aug 11, 2025
    risk 0.41 · cvss 6.3 · epss 0.08

    A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setDeviceName of the file /goform/setDeviceName. The manipulation of the argument DeviceName leads to os command injection. The…

  • CVE-2025-8821 · Medium · Aug 11, 2025
    risk 0.41 · cvss 6.3 · epss 0.08

    A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function RP_setBasic of the file /goform/RP_setBasic. The manipulation of the argument bssid leads to os command injection. The attack may be…

  • CVE-2025-8818 · Medium · Aug 10, 2025
    risk 0.41 · cvss 6.3 · epss 0.08

    A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function setDFSSetting of the file /goform/setLan. The manipulation of the argument lanNetmask/lanIp leads to os command injection. The…

  • CVE-2025-9528 · Medium · Aug 27, 2025
    risk 0.31 · cvss 4.7 · epss 0.50

    A vulnerability was determined in Linksys E1700 1.0.0.4.003. This vulnerability affects the function systemCommand of the file /goform/systemCommand. Executing manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit…

  • CVE-2023-31742 · May 22, 2023
    risk 0.09 · cvss n/a · epss 0.11

    There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s…

  • CVE-2005-2799 · Sep 15, 2005
    risk 0.09 · cvss n/a · epss 0.71

    Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request.

  • CVE-2018-3953 · Oct 17, 2018
    risk 0.08 · cvss n/a · epss 0.13

    Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the…

  • CVE-2024-25852 · Apr 11, 2024
    risk 0.07 · cvss n/a · epss 0.17

    Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. An attacker can use the vulnerability to obtain device administrator rights.

  • CVE-2024-27497 · Mar 1, 2024
    risk 0.07 · cvss n/a · epss 0.26

    Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file.

  • CVE-2020-35713 · Dec 26, 2020
    risk 0.07 · cvss n/a · epss 0.33

    Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page.

  • CVE-2022-38841 · Apr 16, 2023
    risk 0.04 · cvss n/a · epss 0.11

    Linksys AX3200 1.1.00 is vulnerable to OS command injection by authenticated users via shell metacharacters to the diagnostics traceroute page.

  • CVE-2008-6280 · Feb 25, 2009
    risk 0.04 · cvss n/a · epss 0.07

    Cross-site scripting (XSS) vulnerability in apply.cgi on the Linksys WRT160N allows remote attackers to inject arbitrary web script or HTML via the action parameter in a DHCP_Static operation.

  • CVE-2007-2270 · Apr 25, 2007
    risk 0.04 · cvss n/a · epss 0.09

    The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request.

  • CVE-2006-5882 · Nov 14, 2006
    risk 0.04 · cvss n/a · epss 0.13

    Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver 3.50.21.10, as used in Cisco Linksys WPC300N Wireless-N Notebook Adapter before 4.100.15.5 and other products, allows remote attackers to execute arbitrary code via an 802.11 response frame containing…

  • CVE-2004-2507 · Dec 31, 2004
    risk 0.04 · cvss n/a · epss 0.08

    Absolute path traversal vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to read arbitrary files via an absolute pathname in the next_file parameter.

  • CVE-2004-0580 · Aug 6, 2004
    risk 0.04 · cvss n/a · epss 0.08

    DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7, does not properly clear previously used buffer contents in a BOOTP reply packet, which allows remote attackers to obtain sensitive information.

  • CVE-2002-1236 · Nov 12, 2002
    risk 0.04 · cvss n/a · epss 0.07

    The remote management web server for Linksys BEFSR41 EtherFast Cable/DSL Router before firmware 1.42.7 allows remote attackers to cause a denial of service (crash) via an HTTP request to Gozila.cgi without any arguments.

  • CVE-2025-60690 · Nov 13, 2025
    risk 0.03 · cvss n/a · epss 0.05

    A stack-based buffer overflow exists in the get_merge_ipaddr function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to four user-supplied CGI parameters matching _0~3 into a fixed-size buffer (a2)…

  • CVE-2023-46012 · May 7, 2024
    risk 0.03 · cvss n/a · epss 0.02

    Buffer overflow vulnerability in LINKSYS EA7500 3.0.1.207964 allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP.

  • CVE-2013-2682 · Feb 5, 2020
    risk 0.03 · cvss n/a · epss 0.06

    Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information.

  • CVE-2008-2092 · May 6, 2008
    risk 0.03 · cvss n/a · epss 0.04

    Linksys SPA-2102 Phone Adapter 3.3.6 allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: the severity of this issue has been disputed since there are limited attack scenarios.

  • CVE-2008-1247 · Mar 10, 2008
    risk 0.03 · cvss n/a · epss 0.05

    The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4)…

  • CVE-2007-5411 · Oct 12, 2007
    risk 0.03 · cvss n/a · epss 0.01

    Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP Phone with firmware 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the From header in a SIP message.

  • CVE-2007-3574 · Jul 5, 2007
    risk 0.03 · cvss n/a · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm…

  • CVE-2006-5202 · Oct 10, 2006
    risk 0.03 · cvss n/a · epss 0.04

    Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout parameters, a different issue…

  • CVE-2005-1059 · May 2, 2005
    risk 0.03 · cvss n/a · epss 0.03

    Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html.

  • CVE-2004-2508 · Dec 31, 2004
    risk 0.03 · cvss n/a · epss 0.02

    Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to inject arbitrary web script or HTML via the next_file parameter.

  • CVE-2004-0312 · Nov 23, 2004
    risk 0.03 · cvss n/a · epss 0.06

    Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP read-only community string to gain access to read/write community strings via a query for OID 1.3.6.1.4.1.3955.2.1.13.1.2.

  • CVE-2002-1865 · Dec 31, 2002
    risk 0.03 · cvss n/a · epss 0.03

    Buffer overflow in the Embedded HTTP server, as used in (1) D-Link DI-804 4.68, Dl-704 V2.56b6, and Dl-704 V2.56b5 and (2) Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.2 through 1.42.7 and Linksys WAP11 1.3 and 1.4, allows remote attackers to cause a denial of…

  • CVE-2024-48286 · Nov 21, 2024
    risk 0.02 · cvss n/a · epss 0.12

    Linksys E3000 1.0.06.002_US is vulnerable to command injection via the diag_ping_start function.

Page 1 of 5