cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-57542,https://securityvulnerability.io/vulnerability/CVE-2024-57542,Command Injection Vulnerability in Linksys E8450 Network Router,"The Linksys E8450 network router is susceptible to a command injection vulnerability, specifically through the 'id_email_check_btn' field. This flaw could allow an attacker to execute arbitrary commands on the device, potentially compromising the network's integrity and security. Users of affected versions should prioritize applying available patches to mitigate risks associated with this vulnerability.",Linksys,E8450,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T00:00:00.000Z,0
CVE-2024-57539,https://securityvulnerability.io/vulnerability/CVE-2024-57539,Command Injection Flaw in Linksys E8450 Router by Linksys,"A command injection vulnerability exists in the Linksys E8450 Router, specifically affecting version 1.2.00.360516. This issue arises from improper handling of user input through the userEmail parameter, potentially allowing attackers to execute arbitrary commands on the device. Exploitation of this vulnerability could compromise the integrity and security of the router, highlighting the importance of applying patches and following security best practices.",Linksys,E8450,8.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T00:00:00.000Z,0
CVE-2024-57536,https://securityvulnerability.io/vulnerability/CVE-2024-57536,Command Injection Vulnerability in Linksys E8450 Router by Linksys,"The Linksys E8450 router is affected by a command injection vulnerability that can be exploited through the wizard_status component. This flaw may allow an attacker to send unauthorized commands, potentially compromising the router's functionality and the network it serves. It is crucial for users to be aware of this vulnerability to prevent unauthorized access and ensure their router is up to date with the latest security patches.",Linksys,E8450,8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T00:00:00.000Z,0
CVE-2024-57228,https://securityvulnerability.io/vulnerability/CVE-2024-57228,Command Injection Vulnerability in Linksys E7350 Router by Linksys,"The Linksys E7350 router version 1.1.00.032 is impacted by a command injection vulnerability that occurs through the iface parameter in the vif_disable function. This vulnerability can potentially allow an attacker to execute arbitrary commands on the affected device, thereby compromising network integrity and user data. Proper configuration and regular updates are essential to mitigate this risk.",Linksys,,8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-10T18:15:00.000Z,0
CVE-2024-57226,https://securityvulnerability.io/vulnerability/CVE-2024-57226,Command Injection Vulnerability in Linksys E7350 Router,"The Linksys E7350 router version 1.1.00.032 has a command injection vulnerability in the vif_enable function. This flaw can be exploited via the iface parameter, allowing an attacker to execute arbitrary commands on the affected system. Proper caution should be exercised to address this vulnerability to secure network communications and device integrity.",Linksys,,8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-10T18:15:00.000Z,0
CVE-2024-57227,https://securityvulnerability.io/vulnerability/CVE-2024-57227,Command Injection Vulnerability in Linksys E7350 Router,"The Linksys E7350 router version 1.1.00.032 is susceptible to a command injection vulnerability stemming from the ifname parameter in the apcli_do_enr_pbc_wps function. This flaw allows an attacker to execute arbitrary commands on the device, which could lead to unauthorized access and control over the network settings. Proper security measures and updates are essential to mitigate risks associated with this vulnerability.",Linksys,,8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-10T18:15:00.000Z,0
CVE-2024-8408,https://securityvulnerability.io/vulnerability/CVE-2024-8408,Stack-Based Buffer Overflow in Linksys WRT54G,"A significant vulnerability exists in Linksys WRT54G version 4.21.5, specifically within the validate_services_port function of the apply.cgi component. This flaw allows for stack-based buffer overflow triggered by manipulation of the services_array argument. The vulnerability can be exploited remotely, potentially exposing systems to malicious attacks. Despite early disclosures to the vendor regarding this issue, there has been no response. As public knowledge increases, the risk of exploitation remains a pressing concern for affected users.",Linksys,Wrt54g Firmware,9.8,CRITICAL,0.0023399998899549246,false,,false,false,false,,,false,false,,2024-09-04T14:15:00.000Z,0
CVE-2024-42633,https://securityvulnerability.io/vulnerability/CVE-2024-42633,Command Injection Vulnerability in Linksys E1500 Router,"The Linksys E1500 router is susceptible to a Command Injection vulnerability within the do_upgrade_post function of its httpd binary. This security flaw permits an authenticated attacker to execute arbitrary OS commands with elevated privileges. By exploiting this vulnerability, attackers could potentially gain control over the router's operating system, leading to further exploits or network breaches. It is crucial for users to apply the necessary security patches and follow best practices to mitigate any risks associated with this vulnerability.",Linksys,E1500 Firmware,8.8,HIGH,0.0006399999838322401,false,,false,false,false,,,false,false,,2024-08-19T16:15:00.000Z,0
CVE-2024-1404,https://securityvulnerability.io/vulnerability/CVE-2024-1404,Unknown Functionality Vulnerability in Linksys WRT54GL Could Lead to Information Disclosure,"A vulnerability has been identified in the Linksys WRT54GL version 4.30.18, specifically within the Web Management Interface's /SysInfo.htm component, posing a risk of information disclosure. Malicious actors may exploit this vulnerability to gain unauthorized access to sensitive information. Despite early engagement, the vendor has not addressed this issue or provided any response regarding the vulnerability disclosure. Users of the affected model should take precautionary measures to secure their devices and monitor for potential exploits.",Linksys,WRT54GL,7.5,HIGH,0.001769999973475933,false,,false,false,true,2024-02-09T22:31:04.000Z,true,false,false,,2024-02-09T22:31:04.132Z,0
CVE-2023-31741,https://securityvulnerability.io/vulnerability/CVE-2023-31741,Command Injection Vulnerability in Linksys E2000 Router Firmware,"A command injection vulnerability exists in the Linksys E2000 router firmware version 1.0.06. When an attacker gains unauthorized web management access, they can exploit this flaw by injecting malicious commands into the post request parameters including wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, and ttcp_size via the httpd Start_EPI() function. This allows the attacker to execute commands with shell privileges, potentially compromising the router and the network it serves.",Linksys,E2000 Firmware,7.2,HIGH,0.01271000038832426,false,,false,false,false,,,false,false,,2023-05-23T01:15:00.000Z,0
CVE-2023-31740,https://securityvulnerability.io/vulnerability/CVE-2023-31740,Command Injection Vulnerability in Linksys E2000 Router,"The Linksys E2000 router, specifically firmware version 1.0.06, is susceptible to a command injection vulnerability within its web management interface. An attacker with access to web management can exploit this flaw by injecting malicious commands into specific post request parameters, including WL_atten_bb, WL_atten_radio, and WL_atten_ctl in the apply.cgi interface. Successful exploitation grants the attacker shell privileges, posing a significant risk to the device and the network it is connected to.",Linksys,E2000 Firmware,7.2,HIGH,0.01271000038832426,false,,false,false,false,,,false,false,,2023-05-23T01:15:00.000Z,0
CVE-2023-31742,https://securityvulnerability.io/vulnerability/CVE-2023-31742,Command Injection Vulnerability in Linksys WRT54GL Router,"A command injection vulnerability exists in the Linksys WRT54GL router with firmware version 4.30.18.006. When a malicious actor gains web management access, they can exploit this vulnerability by injecting commands through specific POST request parameters, potentially leading to unauthorized shell access. This can pose significant security risks as it may allow attackers to alter the router's configuration or execute arbitrary commands.",Linksys,Wrt54gl Firmware,7.2,HIGH,0.01271000038832426,false,,false,false,false,,,false,false,,2023-05-22T00:00:00.000Z,0
CVE-2022-38841,https://securityvulnerability.io/vulnerability/CVE-2022-38841,OS Command Injection Vulnerability in Linksys AX3200,"The Linksys AX3200 version 1.1.00 has a vulnerability that allows authenticated users to perform OS command injection via shell metacharacters on the diagnostics traceroute page. This weakness can be exploited to execute arbitrary commands on the system, potentially compromising the integrity and security of the affected device. It highlights a significant security concern for users due to the possibility of unauthorized access and manipulation of network functionality.",Linksys,E8450 Firmware,8.8,HIGH,0.0182499997317791,false,,false,false,false,,,false,false,,2023-04-16T00:00:00.000Z,0
CVE-2022-43971,https://securityvulnerability.io/vulnerability/CVE-2022-43971,Arbitrary code execution in Linksys WUMC710,"An arbitrary code execution vulnerability is present in the Linksys WUMC710 Wireless-AC Universal Media Connector, specifically in the do_setNTP function of the httpd binary. This vulnerability arises from the use of unvalidated user input for assembling a system command. An attacker with authenticated administrator access can exploit this weakness by sending a malicious GET or POST request to /setNTP.cgi, allowing the execution of arbitrary commands on the device's underlying Linux operating system with root privileges.",Linksys,Linksys Wumc710 Wireless-ac Universal Media Connector,7.2,HIGH,0.008190000429749489,false,,false,false,false,,,false,false,,2023-01-09T00:00:00.000Z,0
CVE-2022-43970,https://securityvulnerability.io/vulnerability/CVE-2022-43970,Buffer overflow in Linksys WRT54GL,"A buffer overflow flaw exists in the Linksys WRT54GL Wireless-G Broadband Router, specifically in the Start_EPI function within the httpd binary. This vulnerability allows an authenticated attacker with administrator privileges to execute arbitrary commands on the Linux operating system as root. The exploit can be executed over the network by sending a specially crafted POST request to the /apply.cgi endpoint, potentially compromising the device's security and integrity. Users should ensure their firmware is updated to mitigate this risk.",Linksys,Wrt54gl Wireless-g Broadband Router,7.2,HIGH,0.005309999920427799,false,,false,false,false,,,false,false,,2023-01-09T00:00:00.000Z,0
CVE-2022-43973,https://securityvulnerability.io/vulnerability/CVE-2022-43973,Arbitrary code execution in Linksys WRT54GL,"An arbitrary code execution vulnerability has been identified in the Linksys WRT54GL Wireless-G Broadband Router running firmware versions 4.30.18.006 and earlier. This issue arises from the Check_TSSI function within the httpd binary, where unvalidated user input can be manipulated to construct a system command. An authenticated attacker with administrative privileges can exploit this vulnerability by sending a crafted POST request to /apply.cgi. By doing so, they can execute arbitrary commands on the underlying Linux operating system with root privileges, potentially compromising the entire system.",Linksys,Wrt54gl Wireless-g Broadband Router,7.2,HIGH,0.009080000221729279,false,,false,false,false,,,false,false,,2023-01-09T00:00:00.000Z,0
CVE-2022-35572,https://securityvulnerability.io/vulnerability/CVE-2022-35572,Web Interface Vulnerability in Linksys E5350 Router,"A security flaw in the Linksys E5350 WiFi Router allows unauthorized retrieval of sensitive information via the web interface. The /SysInfo.htm URI does not require a session ID, enabling attackers to access critical data, including WPA passwords, SSIDs, and hardware details if remote management is enabled. This vulnerability could be exploited by anyone with internet access to the device, particularly when directly connected to the internet.",Linksys,E5350 Firmware,7.5,HIGH,0.002360000042244792,false,,false,false,false,,,false,false,,2022-09-12T21:17:06.000Z,0
CVE-2022-38555,https://securityvulnerability.io/vulnerability/CVE-2022-38555,Buffer Overflow Vulnerability in Linksys E1200 Routers,"The Linksys E1200 v1.0.04 router is susceptible to a buffer overflow attack via the ej_get_web_page_name function. This vulnerability can allow an attacker to manipulate data beyond the intended buffer limit, potentially leading to arbitrary code execution and compromised router integrity. Users of affected versions should apply mitigations or updates immediately to secure their devices.",Linksys,E1200 Firmware,9.8,CRITICAL,0.002520000096410513,false,,false,false,false,,,false,false,,2022-08-28T16:17:46.000Z,0
CVE-2022-38132,https://securityvulnerability.io/vulnerability/CVE-2022-38132,"Command injection vulnerability in Linksys MR8300 router while Registration to DDNS Service. By specifying username and password, an attacker connected to the router's web interface can execute arbitrary OS commands.","Command injection vulnerability in Linksys MR8300 router while Registration to DDNS Service. By specifying username and password, an attacker connected to the router's web interface can execute arbitrary OS commands. The username and password fields are not sanitized correctly and are used as URL construction arguments, allowing URL redirection to an arbitrary server, downloading an arbitrary script file, and eventually executing the file in the device. This issue affects: Linksys MR8300 Router 1.0.",Linksys,Mr8300 Router,8.2,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-08-24T00:15:00.000Z,0
CVE-2020-35713,https://securityvulnerability.io/vulnerability/CVE-2020-35713,,Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page.,Linksys,Re6500 Firmware,9.8,CRITICAL,0.9643700122833252,false,,false,false,true,2021-01-21T06:39:58.000Z,true,false,false,,2020-12-26T00:47:04.000Z,0
CVE-2020-35714,https://securityvulnerability.io/vulnerability/CVE-2020-35714,,Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authenticated users to execute arbitrary commands via goform/systemCommand?command= in conjunction with the goform/pingstart program.,Linksys,Re6500 Firmware,8.8,HIGH,0.008190000429749489,false,,false,false,false,,,false,false,,2020-12-26T00:46:45.000Z,0
CVE-2020-35715,https://securityvulnerability.io/vulnerability/CVE-2020-35715,,Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenticated users to execute arbitrary commands via shell metacharacters in a filename to the upload_settings.cgi page.,Linksys,Re6500 Firmware,8.8,HIGH,0.008190000429749489,false,,false,false,false,,,false,false,,2020-12-26T00:46:34.000Z,0
CVE-2020-35716,https://securityvulnerability.io/vulnerability/CVE-2020-35716,,Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to cause a persistent denial of service (segmentation fault) via a long /goform/langSwitch langSelectionOnly parameter.,Linksys,Re6500 Firmware,7.5,HIGH,0.003860000055283308,false,,false,false,false,,,false,false,,2020-12-26T00:46:22.000Z,0
CVE-2009-5140,https://securityvulnerability.io/vulnerability/CVE-2009-5140,,"The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a ""SIP Digest Leak"" issue.",Linksys,Spa2102 Firmware,8.8,HIGH,0.0030300000216811895,false,,false,false,false,,,false,false,,2020-02-12T13:28:56.000Z,0
CVE-2019-16340,https://securityvulnerability.io/vulnerability/CVE-2019-16340,,Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI.,Linksys,Velop Whw0303 Firmware,9.8,CRITICAL,0.017869999632239342,false,,false,false,false,,,false,false,,2019-11-21T14:49:17.000Z,0