A stack-based buffer overflow in the ChangeFriendlyName() function of Belkin Smart Outlet V2 F7c063 firmware_2.00.11420.OWRT.PVT_SNSV2 allows attackers to cause a Denial of Service (DoS) via a crafted UPNP request.
Max CVSS
9.8
EPSS Score
0.11%
Published
2023-05-18
Updated
2023-05-26
In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible before and after configuring the device, exhibits multiple remote command injection vulnerabilities. The following parameters in the [form name] form; [list vulnerable parameters], are not properly sanitized after being submitted to the web interface in a POST request. With specially crafted parameters, it is possible to inject a an OS command which will be executed with root privileges, as the web interface, and all processes on the device, run as root.
Max CVSS
10.0
EPSS Score
1.43%
Published
2022-05-18
Updated
2022-05-30
The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the ui_language POST parameter to the apply.cgi form endpoint. This occurs in do_upgrade_post in mini_httpd. NOTE: This vulnerability only affects products that are no longer supported by the maintaine
Max CVSS
9.0
EPSS Score
0.40%
Published
2021-02-02
Updated
2024-03-21
Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. Successful exploitation leads to arbitrary code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Max CVSS
8.8
EPSS Score
0.12%
Published
2020-10-23
Updated
2024-03-21
A Stack-based Buffer Overflow vulnerability in libbelkin_api.so component of Belkin WeMo Insight Switch firmware allows a local attacker to obtain code execution on the device. This issue affects: Belkin WeMo Insight Switch firmware version 2.00.11396 and prior versions.
Max CVSS
8.3
EPSS Score
0.04%
Published
2020-01-27
Updated
2020-02-04
The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A simple POST request to /upnp/control/basicevent1 can allow an attacker to execute commands without authentication.
Max CVSS
9.8
EPSS Score
87.78%
Published
2019-06-10
Updated
2020-08-24
Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin Wemo Insight Smart Plug allows remote attackers to bypass local security protection via a crafted HTTP post packet.
Max CVSS
10.0
EPSS Score
25.57%
Published
2018-08-21
Updated
2023-01-27
A remote unauthenticated user can overflow a stack buffer in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi.
Max CVSS
9.8
EPSS Score
54.66%
Published
2018-04-19
Updated
2018-05-18
A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi.
Max CVSS
10.0
EPSS Score
54.56%
Published
2018-04-19
Updated
2019-10-03
A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to twonky_command.cgi.
Max CVSS
10.0
EPSS Score
54.56%
Published
2018-04-19
Updated
2019-10-03
Belkin N300 Dual-Band Wi-Fi Range Extender with firmware before 1.04.10 allows remote authenticated users to execute arbitrary commands via the (1) sub_dir parameter in a formUSBStorage request; pinCode parameter in a (2) formWpsStart or (3) formiNICWpsStart request; (4) wps_enrolee_pin parameter in a formWlanSetupWPS request; or unspecified parameters in a (5) formWlanMP, (6) formBSSetSitesurvey, (7) formHwSet, or (8) formConnectionSetting request.
Max CVSS
9.0
EPSS Score
2.03%
Published
2015-08-13
Updated
2016-12-24

CVE-2014-1635

Public exploit
Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote attackers to execute arbitrary code via a long string in the jump parameter.
Max CVSS
10.0
EPSS Score
95.62%
Published
2014-11-12
Updated
2016-03-31
Belkin n750 routers have a buffer overflow.
Max CVSS
10.0
EPSS Score
0.34%
Published
2020-02-13
Updated
2020-02-20
The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data.
Max CVSS
10.0
EPSS Score
1.06%
Published
2014-02-22
Updated
2014-03-06
The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact by leveraging access to a single WeMo device.
Max CVSS
9.3
EPSS Score
0.73%
Published
2014-02-22
Updated
2014-03-06
The Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication and gain privileges via vectors related to incorrect validation of the HTTP Authorization header.
Max CVSS
8.3
EPSS Score
0.41%
Published
2014-09-29
Updated
2014-10-01
An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication using "Javascript debugging."
Max CVSS
10.0
EPSS Score
0.69%
Published
2020-02-07
Updated
2020-02-10
Belkin N900 router (F9K1104v1) contains an Authentication Bypass using "Javascript debugging".
Max CVSS
9.8
EPSS Score
0.33%
Published
2019-12-26
Updated
2020-01-16
An authentication bypass exists in the web management interface in Belkin F5D8236-4 v2.
Max CVSS
9.8
EPSS Score
0.66%
Published
2019-12-26
Updated
2020-01-09
Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote attackers to upload arbitrary files onto the system.
Max CVSS
9.8
EPSS Score
14.36%
Published
2020-01-28
Updated
2020-02-05
The web interface to the Belkin Wireless G router and ADSL2 modem F5D7632-4V6 with firmware 6.01.08 allows remote attackers to bypass authentication and gain administrator privileges via a direct request to (1) statusprocess.exe, (2) system_all.exe, or (3) restore.exe in cgi-bin/. NOTE: the setup_dns.exe vector is already covered by CVE-2008-1244.
Max CVSS
10.0
EPSS Score
0.52%
Published
2009-08-28
Updated
2017-09-29
cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and dns1_4 parameters. NOTE: it was later reported that F5D7632-4V6 with firmware 6.01.08 is also affected.
Max CVSS
10.0
EPSS Score
1.95%
Published
2008-03-10
Updated
2018-10-11
The control panel on the Belkin F5D7230-4 router with firmware 9.01.10 maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user, a different vulnerability than CVE-2005-3802.
Max CVSS
10.0
EPSS Score
0.83%
Published
2008-03-10
Updated
2018-10-11
23 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!