cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score CVE-2024-1406,https://securityvulnerability.io/vulnerability/CVE-2024-1406,Linksys WRT54GL Vulnerability: Information Disclosure Risk,A vulnerability was found in Linksys WRT54GL 4.30.18. It has been declared as problematic. This vulnerability affects unknown code of the file /SysInfo1.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253330 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,Linksys,Wrt54gl,4.3,MEDIUM,0.00046999999904073775,false,false,false,true,true,false,false,2024-02-10T07:31:04.055Z,0 CVE-2024-1405,https://securityvulnerability.io/vulnerability/CVE-2024-1405,Linksys WRT54GL Vulnerability: Information Disclosure Risk,A vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253329 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,Linksys,WRT54GL,4.3,MEDIUM,0.0005300000193528831,false,false,false,true,true,false,false,2024-02-10T05:31:03.693Z,0 CVE-2024-1404,https://securityvulnerability.io/vulnerability/CVE-2024-1404,Unknown Functionality Vulnerability in Linksys WRT54GL Could Lead to Information Disclosure,"A vulnerability has been identified in the Linksys WRT54GL version 4.30.18, specifically within the Web Management Interface's /SysInfo.htm component, posing a risk of information disclosure. Malicious actors may exploit this vulnerability to gain unauthorized access to sensitive information. Despite early engagement, the vendor has not addressed this issue or provided any response regarding the vulnerability disclosure. Users of the affected model should take precautionary measures to secure their devices and monitor for potential exploits.",Linksys,WRT54GL,7.5,HIGH,0.001769999973475933,false,false,false,true,true,false,false,2024-02-09T22:31:04.132Z,0 CVE-2023-31742,https://securityvulnerability.io/vulnerability/CVE-2023-31742,Command Injection Vulnerability in Linksys WRT54GL Router,"A command injection vulnerability exists in the Linksys WRT54GL router with firmware version 4.30.18.006. When a malicious actor gains web management access, they can exploit this vulnerability by injecting commands through specific POST request parameters, potentially leading to unauthorized shell access. This can pose significant security risks as it may allow attackers to alter the router's configuration or execute arbitrary commands.",Linksys,Wrt54gl Firmware,7.2,HIGH,0.01271000038832426,false,false,false,false,,false,false,2023-05-22T00:00:00.000Z,0 CVE-2022-43973,https://securityvulnerability.io/vulnerability/CVE-2022-43973,Arbitrary code execution in Linksys WRT54GL,"An arbitrary code execution vulnerability has been identified in the Linksys WRT54GL Wireless-G Broadband Router running firmware versions 4.30.18.006 and earlier. This issue arises from the Check_TSSI function within the httpd binary, where unvalidated user input can be manipulated to construct a system command. An authenticated attacker with administrative privileges can exploit this vulnerability by sending a crafted POST request to /apply.cgi. By doing so, they can execute arbitrary commands on the underlying Linux operating system with root privileges, potentially compromising the entire system.",Linksys,Wrt54gl Wireless-g Broadband Router,7.2,HIGH,0.009080000221729279,false,false,false,false,,false,false,2023-01-09T00:00:00.000Z,0 CVE-2022-43970,https://securityvulnerability.io/vulnerability/CVE-2022-43970,Buffer overflow in Linksys WRT54GL,"A buffer overflow flaw exists in the Linksys WRT54GL Wireless-G Broadband Router, specifically in the Start_EPI function within the httpd binary. This vulnerability allows an authenticated attacker with administrator privileges to execute arbitrary commands on the Linux operating system as root. The exploit can be executed over the network by sending a specially crafted POST request to the /apply.cgi endpoint, potentially compromising the device's security and integrity. Users should ensure their firmware is updated to mitigate this risk.",Linksys,Wrt54gl Wireless-g Broadband Router,7.2,HIGH,0.005309999920427799,false,false,false,false,,false,false,2023-01-09T00:00:00.000Z,0 CVE-2022-43972,https://securityvulnerability.io/vulnerability/CVE-2022-43972,Null pointer dereference in Linksys WRT54GL,A null pointer dereference vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A null pointer dereference in the soap_action function within the upnp binary can be triggered by an unauthenticated attacker via a malicious POST request invoking the AddPortMapping action.,Linksys,Wrt54gl Wireless-g Broadband Router,6.5,MEDIUM,0.001129999989643693,false,false,false,false,,false,false,2023-01-09T00:00:00.000Z,0 CVE-2009-3341,https://securityvulnerability.io/vulnerability/CVE-2009-3341,,"Buffer overflow on the Linksys WRT54GL wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.",Linksys,Wrt54gl,,,0.02631000056862831,false,false,false,false,,false,false,2009-09-24T16:30:00.000Z,0 CVE-2008-0228,https://securityvulnerability.io/vulnerability/CVE-2008-0228,,Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators.,Linksys,Wrt54gl,,,0.0024300001095980406,false,false,false,true,true,false,false,2008-01-10T23:00:00.000Z,0