33 matches found
Local DoS in Velop version 2.1.13.200506 - unknown
In Linksys Velop version 2.1.13.200506 - unknown a Local DoS exists in the MQTT stack that can be attacked via Local network access resulting in Denial of Service...
GSD-2021-1000002 Local DoS in Velop version 2.1.13.200506 - unknown
In Linksys Velop version 2.1.13.200506 - unknown a Local DoS exists in the MQTT stack that can be attacked via Local network access resulting in Denial of Service...
CVE-2019-16340
Belkin Linksys Velop 1.1.8.192419 devices allow remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI...
Design/Logic Flaw
Belkin Linksys Velop 1.1.8.192419 devices allow remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI...
CVE-2019-16340
Belkin Linksys Velop devices running version 1.1.8.192419 expose a sensitive detail: the recovery key can be obtained by an unauthenticated remote attacker via a direct request to /sysinfo_json.cgi. This CVE (CVE-2019-16340) is documented across multiple sources with the same description, confirm...
Linksys Velop Command Injection Vulnerability
Belkin International Linksys Velop is a home WiFi wireless networking solution from Belkin International, USA. A command injection vulnerability exists in Belkin International Linksys Velop version 1.1.2.187020. The vulnerability can be exploited to inject commands and gain full root access with...
CVE-2018-17208
Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface. This occurs because shell...
Command injection
Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface. This occurs because shell...
CVE-2018-17208
Linksys Velop firmware 1.1.2.187020 is affected by an unauthenticated command injection in cgi-bin/zbtest.cgi and cgi-bin/zbtest2.cgi. The root cause is mishandling of shell metacharacters in the query string by ShellExecute, enabling full root access and CSRF exploitation. No patch/version or mi...