Belkin: Security Vulnerabilities
In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible before and after configuring the device, exhibits multiple remote command injection vulnerabilities. The following parameters in the [form name] form; [list vulnerable parameters], are not properly sanitized after being submitted to the web interface in a POST request. With specially crafted parameters, it is possible to inject an OS command which will be executed with root privileges, as the web interface, and all processes on the device, run as root.
CVSS Score: 9.8
EPSS Score: 0.043
Published: 2022-05-18
The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the ui_language POST parameter to the apply.cgi form endpoint. This occurs in do_upgrade_post in mini_httpd. NOTE: This vulnerability only affects products that are no longer supported by the maintaine
CVSS Score: 8.8
EPSS Score: 0.055
Published: 2021-02-02
Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. Successful exploitation leads to arbitrary code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVSS Score: 8.8
EPSS Score: 0.015
Published: 2020-10-23
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the (1) log_type, (2) ping_ip, (3) ping_size, (4) submit_type, or (5) traceroute_ip parameter to apply.cgi or (6) new_workgroup or (7) submit_button parameter to storage/apply.cgi.
CVSS Score: 6.1
EPSS Score: 0.006
Published: 2020-02-18
Belkin n750 routers have a buffer overflow.
CVSS Score: 9.8
EPSS Score: 0.005
Published: 2020-02-13
An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication using "Javascript debugging."
CVSS Score: 9.8
EPSS Score: 0.05
Published: 2020-02-07
Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote attackers to upload arbitrary files onto the system.
CVSS Score: 9.8
EPSS Score: 0.438
Published: 2020-01-28
A Stack-based Buffer Overflow vulnerability in libbelkin_api.so component of Belkin WeMo Insight Switch firmware allows a local attacker to obtain code execution on the device. This issue affects: Belkin WeMo Insight Switch firmware version 2.00.11396 and prior versions.
CVSS Score: 8.3
EPSS Score: 0.002
Published: 2020-01-27
An authentication bypass exists in the web management interface in Belkin F5D8236-4 v2.
CVSS Score: 9.8
EPSS Score: 0.001
Published: 2019-12-26
Belkin N900 router (F9K1104v1) contains an Authentication Bypass using "Javascript debugging".
CVSS Score: 9.8
EPSS Score: 0.002
Published: 2019-12-26

