Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin Wemo Smart Plug WSP080 v1.2 allows attackers to cause a Denial of Service (DoS) via a crafted firmware file.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-07-13
Updated
2023-07-21
A stack-based buffer overflow in the ChangeFriendlyName() function of Belkin Smart Outlet V2 F7c063 firmware_2.00.11420.OWRT.PVT_SNSV2 allows attackers to cause a Denial of Service (DoS) via a crafted UPNP request.
Max CVSS
9.8
EPSS Score
0.11%
Published
2023-05-18
Updated
2023-05-26
In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible before and after configuring the device, exhibits multiple remote command injection vulnerabilities. The following parameters in the [form name] form; [list vulnerable parameters], are not properly sanitized after being submitted to the web interface in a POST request. With specially crafted parameters, it is possible to inject a an OS command which will be executed with root privileges, as the web interface, and all processes on the device, run as root.
Max CVSS
10.0
EPSS Score
1.43%
Published
2022-05-18
Updated
2022-05-30
** UNSUPPORTED WHEN ASSIGNED ** The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the ui_language POST parameter to the apply.cgi form endpoint. This occurs in do_upgrade_post in mini_httpd. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Max CVSS
9.0
EPSS Score
0.40%
Published
2021-02-02
Updated
2021-02-05
** UNSUPPORTED WHEN ASSIGNED ** Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. Successful exploitation leads to arbitrary code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Max CVSS
8.8
EPSS Score
0.12%
Published
2020-10-23
Updated
2020-10-27
An issue was discovered on Belkin Wemo Switch 28B WW_2.00.11057.PVT-OWRT-SNS devices. They allow remote attackers to cause a denial of service (persistent rules-processing outage) via a crafted ruleDbBody element in a StoreRules request to the upnp/control/rules1 URI, because database corruption occurs.
Max CVSS
7.8
EPSS Score
0.24%
Published
2019-10-12
Updated
2021-07-21
A Stack-based Buffer Overflow vulnerability in libbelkin_api.so component of Belkin WeMo Insight Switch firmware allows a local attacker to obtain code execution on the device. This issue affects: Belkin WeMo Insight Switch firmware version 2.00.11396 and prior versions.
Max CVSS
8.3
EPSS Score
0.04%
Published
2020-01-27
Updated
2020-02-04
The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A simple POST request to /upnp/control/basicevent1 can allow an attacker to execute commands without authentication.
Max CVSS
9.8
EPSS Score
87.78%
Published
2019-06-10
Updated
2020-08-24
Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin Wemo Insight Smart Plug allows remote attackers to bypass local security protection via a crafted HTTP post packet.
Max CVSS
10.0
EPSS Score
25.57%
Published
2018-08-21
Updated
2023-01-27
A remote unauthenticated user can enable telnet on the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to set.cgi. When enabled the telnet session requires no password and provides root access.
Max CVSS
7.5
EPSS Score
2.39%
Published
2018-04-19
Updated
2019-10-03
A remote unauthenticated user can overflow a stack buffer in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi.
Max CVSS
9.8
EPSS Score
54.66%
Published
2018-04-19
Updated
2018-05-18
A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi.
Max CVSS
10.0
EPSS Score
54.56%
Published
2018-04-19
Updated
2019-10-03
A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to twonky_command.cgi.
Max CVSS
10.0
EPSS Score
54.56%
Published
2018-04-19
Updated
2019-10-03
Belkin N300 Dual-Band Wi-Fi Range Extender with firmware before 1.04.10 allows remote authenticated users to execute arbitrary commands via the (1) sub_dir parameter in a formUSBStorage request; pinCode parameter in a (2) formWpsStart or (3) formiNICWpsStart request; (4) wps_enrolee_pin parameter in a formWlanSetupWPS request; or unspecified parameters in a (5) formWlanMP, (6) formBSSetSitesurvey, (7) formHwSet, or (8) formConnectionSetting request.
Max CVSS
9.0
EPSS Score
2.03%
Published
2015-08-13
Updated
2016-12-24
Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
Max CVSS
7.8
EPSS Score
95.83%
Published
2014-06-19
Updated
2016-12-24

CVE-2014-1635

Public exploit
Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote attackers to execute arbitrary code via a long string in the jump parameter.
Max CVSS
10.0
EPSS Score
95.62%
Published
2014-11-12
Updated
2016-03-31
Belkin n750 routers have a buffer overflow.
Max CVSS
10.0
EPSS Score
0.34%
Published
2020-02-13
Updated
2020-02-20
The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data.
Max CVSS
10.0
EPSS Score
1.06%
Published
2014-02-22
Updated
2014-03-06
The Belkin WeMo Home Automation firmware before 3949 does not maintain a set of Certification Authority public keys, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary X.509 certificate.
Max CVSS
7.1
EPSS Score
0.06%
Published
2014-02-22
Updated
2014-02-24
The Belkin WeMo Home Automation firmware before 3949 does not use SSL for the distribution feed, which allows man-in-the-middle attackers to install arbitrary firmware by spoofing a distribution server.
Max CVSS
7.8
EPSS Score
0.10%
Published
2014-02-22
Updated
2014-03-06
The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact by leveraging access to a single WeMo device.
Max CVSS
9.3
EPSS Score
0.73%
Published
2014-02-22
Updated
2014-03-06
The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Max CVSS
7.8
EPSS Score
0.28%
Published
2014-02-22
Updated
2014-03-06
Symlink Traversal vulnerability in Belkin N900 due to misconfiguration in the SMB service.
Max CVSS
7.8
EPSS Score
0.50%
Published
2019-11-13
Updated
2019-11-14
The Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication and gain privileges via vectors related to incorrect validation of the HTTP Authorization header.
Max CVSS
8.3
EPSS Score
0.41%
Published
2014-09-29
Updated
2014-10-01
An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication using "Javascript debugging."
Max CVSS
10.0
EPSS Score
0.69%
Published
2020-02-07
Updated
2020-02-10
51 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!