E7350 Firmware

e7350_firmware

Vendor: Linksys • 8 CVEs

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-60695 1Linksys 1E7350 Firmware Nov 17, 2025 Nov 13, 2025 N/A· v4 5.9 MEDIUM· v3 N/A· v2 A stack-based buffer overflow vulnerability exists in the mtk_dut binary of Linksys E7350 routers (Firmware 1.1.00.032). The function sub_4045A8 reads up to 256 bytes from /sys/class/net/%s/address into a local buffer an...Show more A stack-based buffer overflow vulnerability exists in the mtk_dut binary of Linksys E7350 routers (Firmware 1.1.00.032). The function sub_4045A8 reads up to 256 bytes from /sys/class/net/%s/address into a local buffer and then copies it into caller-provided buffer a1 using strcpy without boundary checks. Since a1 is often allocated with significantly smaller sizes (20-32 bytes), local attackers controlling the contents of /sys/class/net/%s/address can trigger buffer overflows, leading to memory corruption, denial of service, or potential arbitrary code execution.Show less
CVE-2024-57228 1Linksys 1E7350 Firmware Apr 16, 2025 Jan 10, 2025 N/A· v4 8.0 HIGH· v3 N/A· v2 Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.
CVE-2024-57227 1Linksys 1E7350 Firmware Apr 16, 2025 Jan 10, 2025 N/A· v4 8.0 HIGH· v3 N/A· v2 Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.
CVE-2024-57226 1Linksys 1E7350 Firmware Apr 16, 2025 Jan 10, 2025 N/A· v4 8.0 HIGH· v3 N/A· v2 Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function.
CVE-2024-57225 1Linksys 1E7350 Firmware Apr 16, 2025 Jan 10, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.
CVE-2024-57224 1Linksys 1E7350 Firmware Apr 16, 2025 Jan 10, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.
CVE-2024-57223 1Linksys 1E7350 Firmware Apr 16, 2025 Jan 10, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.
CVE-2024-57222 1Linksys 1E7350 Firmware Apr 16, 2025 Jan 10, 2025 N/A· v4 6.3 MEDIUM· v3 N/A· v2 Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.