Shodan
Vulnerabilities
Vulnerable Software
Linksys:  Security Vulnerabilities
CVE-2022-24372
Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share.
CVSS Score
4.6
EPSS Score
0.001
Published
2022-04-27
CVE-2020-35713
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page.
CVSS Score
9.8
EPSS Score
0.936
Published
2020-12-26
CVE-2020-35714
Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authenticated users to execute arbitrary commands via goform/systemCommand?command= in conjunction with the goform/pingstart program.
CVSS Score
8.8
EPSS Score
0.043
Published
2020-12-26
CVE-2020-35715
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenticated users to execute arbitrary commands via shell metacharacters in a filename to the upload_settings.cgi page.
CVSS Score
8.8
EPSS Score
0.04
Published
2020-12-26
CVE-2020-35716
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to cause a persistent denial of service (segmentation fault) via a long /goform/langSwitch langSelectionOnly parameter.
CVSS Score
7.5
EPSS Score
0.014
Published
2020-12-26
CVE-2009-5140
The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.
CVSS Score
8.8
EPSS Score
0.005
Published
2020-02-12
CVE-2013-3067
Linksys WRT310Nv2 2.0.0.1 is vulnerable to XSS.
CVSS Score
5.4
EPSS Score
0.004
Published
2020-02-07
CVE-2019-16340
Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI.
CVSS Score
9.8
EPSS Score
0.009
Published
2019-11-21
CVE-2013-4658
Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share.
CVSS Score
9.8
EPSS Score
0.006
Published
2019-10-25
CVE-2019-11535
Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. An attacker can access system OS configurations and commands that are not intended for use beyond the web UI.
CVSS Score
9.8
EPSS Score
0.034
Published
2019-07-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved