23 matches found
CVE-2019-16340
Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfojson.cgi URI...
EUVD-2019-7117
Malware in sbrugna...
CVE-2024-36821
Insecure permissions in Linksys Velop WiFi 5 WHW01v1 1.1.13.202617 allows attackers to escalate privileges from Guest to root...
CVE-2024-40750
Linksys Velop Pro 6E 1.0.8 MX62001.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi passwords over the public Internet during app-based installation...
CVE-2018-17208
Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface. This occurs because shell...
CVE-2024-40750
Linksys Velop Pro 6E 1.0.8 MX62001.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi passwords over the public Internet during app-based installation...
CVE-2024-40750
CVE-2024-40750 concerns Linksys Velop Pro 6E devices (versions 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314). The issue is that during app-based installation, cleartext Wi‑Fi passwords are transmitted over the public Internet. Root cause details are not fully specified in the provided documents,...
Linksys Velop Pro 6E Security Vulnerability
The Linksys Velop Pro 6E is a wireless router from Linksys. A security vulnerability exists in Linksys Velop Pro 6E versions 1.0.8 MX62001.0.8.215731 and 7 1.0.10.215314, which originates from a plaintext Wi-Fi password being sent over the public Internet during an application-based installation...
PT-2024-29027 · Linksys · Linksys Velop Pro 6E
Name of the Vulnerable Software and Affected Versions: Linksys Velop Pro 6E version 1.0.8 Linksys Velop Pro 6E version 1.0.10.215314 Description: The issue concerns Linksys Velop Pro 6E devices sending cleartext Wi-Fi passwords over the public Internet during app-based installation...
CVE-2024-40750
Linksys Velop Pro 6E 1.0.8 MX62001.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi passwords over the public Internet during app-based installation...
CVE-2024-36821
Insecure permissions in Linksys Velop WiFi 5 WHW01v1 1.1.13.202617 allows attackers to escalate privileges from Guest to root...
CVE-2024-36821
Insecure permissions in Linksys Velop WiFi 5 WHW01v1 1.1.13.202617 allows attackers to escalate privileges from Guest to root...
CVE-2024-36821
Insecure permissions in Linksys Velop WiFi 5 WHW01v1 1.1.13.202617 allows attackers to escalate privileges from Guest to root...
CVE-2024-36821
Insecure permissions in Linksys Velop WiFi 5 WHW01v1 1.1.13.202617 allows attackers to escalate privileges from Guest to root...
Linksys Velop WiFi Security Breach
Linksys Velop WiFi is a router from Linksys USA. A security vulnerability exists in Linksys Velop WiFi version 5 WHW01v1 1.1.13.202617, which originated from a vulnerability that allows an attacker to elevate privileges from Guest to root via directory traversal...
CVE-2024-36821
CVE-2024-36821 affects Linksys Velop WiFi 5 (WHW01v1) with firmware 1.1.13.202617. The Red Hat and NVD entries describe insecure permissions that permit escalation from Guest to root, indicating a privilege-escalation vulnerability. The exact vulnerable component is a permissions/authorization is...
PT-2024-27170 · Linksys · Linksys Velop Wifi 5
Name of the Vulnerable Software and Affected Versions: Linksys Velop WiFi 5 WHW01v1 version 1.1.13.202617 Description: The issue is related to insecure permissions, allowing attackers to escalate privileges from Guest to root. Recommendations: For version 1.1.13.202617, at the moment, there is no...
Design/Logic Flaw
Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfojson.cgi URI...
Linksys Velop Command Injection Vulnerability
Belkin Intermational Linksys Velop is a home WiFi wireless networking solution from Belkin Intermational, USA. A command injection vulnerability exists in Belkin Intermational Linksys Velop version 1.1.2.187020. The vulnerability can be exploited to inject commands and gain full root access with...
Command injection
Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface. This occurs because shell...