Linksys: Security Vulnerabilities
PhoneCtrl.exe in Linksys WIP 330 Wireless-G IP Phone 1.00.06A allows remote attackers to cause a denial of service (crash) via a TCP SYN scan, as demonstrated using TCP ports 1-65535 with nmap.
CVSS Score
7.8
EPSS Score
0.015
Published
2006-12-10
Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver 3.50.21.10, as used in Cisco Linksys WPC300N Wireless-N Notebook Adapter before 4.100.15.5 and other products, allows remote attackers to execute arbitrary code via an 802.11 response frame containing a long SSID field.
CVSS Score
8.3
EPSS Score
0.217
Published
2006-11-14
Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout parameters, a different issue than CVE-2006-2559.
CVSS Score
5.0
EPSS Score
0.187
Published
2006-10-10
Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic.
CVSS Score
7.5
EPSS Score
0.006
Published
2006-05-24
Multiple unspecified vulnerabilities in Linksys RT31P2 VoIP router allow remote attackers to cause a denial of service via malformed Session Initiation Protocol (SIP) messages.
CVSS Score
5.0
EPSS Score
0.031
Published
2006-04-21
Linksys WRT54G routers version 5 (running VXWorks) allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value.
CVSS Score
5.0
EPSS Score
0.013
Published
2006-03-07
Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote attackers on the local network, to cause a denial of service via IP packets with a null IP option length.
CVSS Score
4.0
EPSS Score
0.011
Published
2006-01-19
Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID.
CVSS Score
7.8
EPSS Score
0.008
Published
2005-12-15
Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request.
CVSS Score
7.5
EPSS Score
0.854
Published
2005-09-15
Linksys WRT54G router allows remote attackers to cause a denial of service (CPU consumption and server hang) via an HTTP POST request with a negative Content-Length value.
CVSS Score
5.0
EPSS Score
0.007
Published
2005-09-14