Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.emailReg function. The vulnerability can be triggered via the `pt["email"]` parameter.
CVE-2025-45487
CRITICAL CVSS 9.8
Find Similar
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.InternetConnection function.
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the pt parameter in the traceRoute function.
CVE-2025-45488
CRITICAL CVSS 9.8
Find Similar
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the mailex parameter.
CVE-2025-29228
CRITICAL CVSS 9.8
Find Similar
Linksys E5600 V1.1.0.26 is vulnerable to command injection in the runtime.macClone function via the mc.ip parameter.
CVE-2025-45490
CRITICAL CVSS 9.8
Find Similar
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the password parameter.
CVE-2024-57225
CRITICAL CVSS 9.8
Find Similar
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.
CVE-2025-45489
CRITICAL CVSS 9.8
Find Similar
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the hostname parameter.
CVE-2025-45491
CRITICAL CVSS 9.8
Find Similar
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the username parameter.
CVE-2024-57223
CRITICAL CVSS 9.8
Find Similar
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.
In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["pkgsize"] parameter.
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.
An authenticated OS command injection vulnerability exists in various Linksys router models (tested on WRT160Nv2) running firmware version v2.0.03 via the apply.cgi endpoint. The web interface fails t
In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["count"] parameter.
A stored cross-site scripting (XSS) vulnerability in the spf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted paylo
A stored cross-site scripting (XSS) vulnerability in the prf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted paylo
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.
Page 1+ Next →