278 matches found
CVE-2018-3953
CVE-2018-3953/3954/3955 affect Linksys E-Series (E1200 v2.0.09; E2500 v3.0.04). Root cause: OS command injection via the nvram_get/nvram_set path, triggered when data from the web portal’s Router Name is written to NVRAM and then executed in preinit/start_lltd, affecting hostname and related domain na...
CVE-2018-3955
An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). Specially crafted entries to network configuration information can cause execution of arbitrary system commands, resulti...
CVE-2018-3954
Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the 'Router Name' input fiel...
Linksys ESeries multiple OS command injection vulnerabilities
Summary: Multiple exploitable operating system command injections exist in the Linksys ESeries line of routers. Specially crafted entries to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send an...
CVE-2018-18291
A cross-site scripting (XSS) vulnerability on ASUS RT-AC58U 3.0.0.4.3806516 devices allows remote attackers to inject arbitrary web script or HTML via AdvancedASUSDDNSContent.asp, AdvancedWSecurityContent.asp, AdvancedWirelessContent.asp, Logout.asp, MainLogin.asp, MobileQISLogin.asp, QISwizard.htm...
Command injection
A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface, specifically in the action_script parameter. The action_script parameter specifies a script to be executed if the action_mode parameter does not conta...
CVE-2016-6558
A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface, specifically in the action_script parameter. The action_script parameter specifies a script to be executed if the action_mode parameter does not conta...
CVE-2016-6558
CVE-2016-6558 describes a command injection in the ASUS RP-AC52 web interface via apply.cgi, specifically in the action_script parameter. If action_script does not match a hard-coded option, input is passed to system() or eval(), enabling arbitrary commands. Affected firmware is 1.0.1.1s and poss...
VulnCheck KEV: CVE-2013-2679
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the (1) logtype, (2) pingip, (3) pingsize, (4) submittype, or (5) tracerouteip parameter to apply.cgi or (6)...
VulnCheck KEV: CVE-2013-2678
Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submittype parameter...
PT-2018-2660 · Linksys · Linksys E2500 +2
Name of the Vulnerable Software and Affected Versions: Linksys E1200 version 2.0.09; Linksys E2500 version 3.0.04. Description: An operating system command injection exists in the Linksys E-Series line of routers. Specially crafted entries to network configuration information can cause execution of...
PT-2018-2661 · Linksys · Linksys E2500 +1
Name of the Vulnerable Software and Affected Versions: Linksys E1200 versions 2.0.09 and earlier; Linksys E2500 versions 3.0.04 and earlier. Description: The issue exists due to improper filtering of data passed to and retrieved from NVRAM, allowing for OS command injection. Data entered into the...
The vulnerability in the apply.cgi component of ASUS router firmware allows an attacker to execute arbitrary commands with root privileges.
The vulnerability in the apply.cgi component of ASUS router firmware exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows an attacker to execute arbitrary commands using the...
The vulnerability in the “/apply.cgi?/lang_check.html” component of the NETGEAR WNR2000v5 router’s firmware allows an attacker to execute arbitrary code.
The vulnerability in the /apply.cgi?/lang_check.html component of the NETGEAR WNR2000v5 router firmware is caused by a buffer overflow. Exploiting this vulnerability could allow an attacker to execute arbitrary code using the “hiddenlangavi” parameter...
VulnCheck KEV: CVE-2016-10176
The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server uhttpd and processed accordingly. The web server also contains another URL, applynoauth.cgi,...
CVE-2017-10677
Cross-Site Request Forgery (CSRF) exists on Linksys EA4500 devices with Firmware Version before 2.1.41.164606, as demonstrated by a request to apply.cgi to disable SIP...
Remote code execution
The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server uhttpd and processed accordingly. The web server also contains another URL, applynoauth.cgi, that...
CVE-2016-10176
The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server uhttpd and processed accordingly. The web server also contains another URL, applynoauth.cgi, that...