Linksys

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2008-1263 1Linksys 1Wrt54g Apr 23, 2026 Mar 10, 2008 N/A· v4 N/A· v3 4.0 MEDIUM· v2 The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI.
CVE-2008-1247 1Linksys 1Wrt54g Apr 23, 2026 Mar 10, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1...Show more The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri. NOTE: the Security.tri vector is already covered by CVE-2006-5202.Show less
CVE-2008-1243 1Linksys 1Wrt300n Apr 23, 2026 Mar 10, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router with firmware 2.00.20, when Mozilla Firefox or Apple Safari is used, allows remote attackers to inject arbitrary web script or HTML via the dyndns_do...Show more Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router with firmware 2.00.20, when Mozilla Firefox or Apple Safari is used, allows remote attackers to inject arbitrary web script or HTML via the dyndns_domain parameter to the default URI.Show less
CVE-2008-0228 1Linksys 1Wrt54gl Apr 23, 2026 Jan 10, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators.
CVE-2007-5411 1Linksys 1Spa941 Apr 23, 2026 Oct 12, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP Phone with firmware 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the From header in a SIP message.
CVE-2007-3574 1Linksys 1Wag54gs Apr 23, 2026 Jul 5, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_tra...Show more Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm parameter.Show less
CVE-2007-2270 1Linksys 1Spa941 Apr 23, 2026 Apr 25, 2007 N/A· v4 N/A· v3 7.8 HIGH· v2 The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request.
CVE-2007-1585 1Linksys 2Wag200g Wrt54gc Apr 23, 2026 Mar 21, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware 1.00.7, and WRT54GC 1 with firmware 1.03.0 and earlier allow remote attackers to obtain sensitive information (passwords and configuration data) via a pa...Show more The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware 1.00.7, and WRT54GC 1 with firmware 1.03.0 and earlier allow remote attackers to obtain sensitive information (passwords and configuration data) via a packet to UDP port 916. NOTE: some of these details are obtained from third party information.Show less
CVE-2006-7121 1Linksys 1Spa921 Apr 23, 2026 Mar 6, 2007 N/A· v4 N/A· v3 7.8 HIGH· v2 The HTTP server in Linksys SPA-921 VoIP Desktop Phone allows remote attackers to cause a denial of service (reboot) via (1) a long URL, or a long (2) username or (3) password during Basic Authentication.
CVE-2006-6411 1Linksys 1Wip 330 Wireless G Ip Phone Apr 23, 2026 Dec 10, 2006 N/A· v4 N/A· v3 7.8 HIGH· v2 PhoneCtrl.exe in Linksys WIP 330 Wireless-G IP Phone 1.00.06A allows remote attackers to cause a denial of service (crash) via a TCP SYN scan, as demonstrated using TCP ports 1-65535 with nmap.
CVE-2006-5882 2Broadcom Linksys 2Bcmwl5.sys Wireless Device Driver Wpc300n Wireless N Notebook Adapter Driver Apr 23, 2026 Nov 14, 2006 N/A· v4 N/A· v3 8.3 HIGH· v2 Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver 3.50.21.10, as used in Cisco Linksys WPC300N Wireless-N Notebook Adapter before 4.100.15.5 and other products, allows remote attackers to exec...Show more Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver 3.50.21.10, as used in Cisco Linksys WPC300N Wireless-N Notebook Adapter before 4.100.15.5 and other products, allows remote attackers to execute arbitrary code via an 802.11 response frame containing a long SSID field.Show less
CVE-2006-5202 1Linksys 1Wrt54g Apr 23, 2026 Oct 10, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using...Show more Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout parameters, a different issue than CVE-2006-2559.Show less
CVE-2006-2559 1Linksys 2Wrt54g Wrt54g V5 Apr 16, 2026 May 24, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as...Show more Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic.Show less
CVE-2006-1973 1Linksys 1Rt31p2 Apr 16, 2026 Apr 21, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Multiple unspecified vulnerabilities in Linksys RT31P2 VoIP router allow remote attackers to cause a denial of service via malformed Session Initiation Protocol (SIP) messages.
CVE-2006-1067 1Linksys 1Wrt54g V5 Apr 16, 2026 Mar 7, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Linksys WRT54G routers version 5 (running VXWorks) allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to t...Show more Linksys WRT54G routers version 5 (running VXWorks) allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value.Show less
CVE-2006-0309 1Linksys 1Befvp41 Apr 16, 2026 Jan 19, 2006 N/A· v4 N/A· v3 4.0 MEDIUM· v2 Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote attackers on the local network, to cause a denial of service via IP packets with a null IP option length.
CVE-2005-4257 1Linksys 4Befw11s4 Befw11s4 V3Befw11s4 V4+1 more Apr 16, 2026 Dec 15, 2005 N/A· v4 N/A· v3 7.8 HIGH· v2 Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the proven...Show more Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID.Show less
CVE-2005-2799 1Linksys 1Wrt54g Apr 16, 2026 Sep 15, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request.
CVE-2005-2916 1Linksys 1Wrt54g Apr 16, 2026 Sep 14, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify conf...Show more Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi.Show less
CVE-2005-2915 1Linksys 1Wrt54g Apr 16, 2026 Sep 14, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, uses weak encryption (XOR encoding with a fixed byte mask) for configuration information, which co...Show more ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, uses weak encryption (XOR encoding with a fixed byte mask) for configuration information, which could allow attackers to decrypt the information and possibly re-encrypt it in conjunction with CVE-2005-2914.Show less

Previous 1...8 91011 12 Next