Linksys Wrt54G vulnerabilities
12 known vulnerabilities affecting linksys/wrt54g.
Total CVEs
12
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH5MEDIUM6
Vulnerabilities
Page 1 of 1
CVE-2024-8408MEDIUMCVSS 5.3v4.21.52024-09-04
CVE-2024-8408 [MEDIUM] CWE-121 CVE-2024-8408: A vulnerability was found in Linksys WRT54G 4.21.5. It has been rated as critical. Affected by this
A vulnerability was found in Linksys WRT54G 4.21.5. It has been rated as critical. Affected by this issue is the function validate_services_port of the file /apply.cgi of the component POST Parameter Handler. The manipulation of the argument services_array leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been d
cvelistv5nvd
CVE-2011-4499HIGHCVSS 7.5v2.22011-11-22
CVE-2011-4499 [HIGH] CWE-16 CVE-2011-4499: The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware bef
The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related t
nvd
CVE-2008-1268CRITICALCVSS 10.0v72008-03-10
CVE-2008-1268 [CRITICAL] CWE-287 CVE-2008-1268: The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication cr
The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password.
nvd
CVE-2006-5202MEDIUMCVSS 5.0PoCv1.00.92006-10-10
CVE-2006-5202 [MEDIUM] CVE-2006-5202: Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which
Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout parameters, a different issue than CVE-2006-2559.
nvd
CVE-2006-2559HIGHCVSS 7.5v1.42.3v2.00.8+6 more2006-05-24
CVE-2006-2559 [HIGH] CVE-2006-2559: Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and
Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic.
nvd
CVE-2005-2799HIGHCVSS 7.5PoCv3.01.3v3.03.62005-09-15
CVE-2005-2799 [HIGH] CVE-2005-2799: Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4
Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request.
nvd
CVE-2005-2914HIGHCVSS 7.5v2.04.4v3.01.3+1 more2005-09-14
CVE-2005-2914 [HIGH] CVE-2005-2914: ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and pos
ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, does not use an authentication initialization function, which allows remote attackers to obtain encrypted configuration information and, if the key is known, modify the configuration.
nvd
CVE-2005-2912MEDIUMCVSS 5.0v3.01.3v3.03.6+1 more2005-09-14
CVE-2005-2912 [MEDIUM] CVE-2005-2912: Linksys WRT54G router allows remote attackers to cause a denial of service (CPU consumption and serv
Linksys WRT54G router allows remote attackers to cause a denial of service (CPU consumption and server hang) via an HTTP POST request with a negative Content-Length value.
nvd
CVE-2005-2915MEDIUMCVSS 5.0v2.04.4_non_defaultv3.01.3+1 more2005-09-14
CVE-2005-2915 [MEDIUM] CVE-2005-2915: ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and pos
ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, uses weak encryption (XOR encoding with a fixed byte mask) for configuration information, which could allow attackers to decrypt the information and possibly re-encrypt it in conjunction with CVE-2005-2914.
nvd
CVE-2005-2916MEDIUMCVSS 5.0v3.01.3v3.03.6+1 more2005-09-14
CVE-2005-2916 [MEDIUM] CVE-2005-2916: Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify u
Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi.
nvd
CVE-2004-2606HIGHCVSS 7.5v2.02.72004-12-31
CVE-2004-2606 [HIGH] CVE-2004-2606: The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows
The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled.
nvd
CVE-2004-0580MEDIUMCVSS 5.0PoCv1.42.3v2.00.82004-08-06
CVE-2004-0580 [MEDIUM] CVE-2004-0580: DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7,
DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7, does not properly clear previously used buffer contents in a BOOTP reply packet, which allows remote attackers to obtain sensitive information.
nvd