Wood1314

**Name of the Vulnerable Software and Affected Versions** Linksys E8450 version 1.2.00.360516 **Description** A buffer overflow issue was discovered, where the `page` field is copied to the stack without length verification. This could allow a remote attacker to execute arbitrary code or cause a denial of service. The vulnerability is related to the `sub 422eb8` function in the Wi-Fi router's firmware and involves the `strncpy` parameter. **Recommendations** For Linksys E8450 version 1.2.00.360516, consider disabling the `sub 422eb8` function as a temporary workaround until a patch is available. Restrict access to the vulnerable parameter `strncpy` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linksys E8450 version 1.2.00.360516 **Description** A command injection issue was discovered, which can be exploited via the `userEmail` variable. This allows for potential unauthorized access and control. **Recommendations** For Linksys E8450 version 1.2.00.360516, as a temporary workaround, consider restricting access to the `userEmail` variable until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Linksys E8450 version 1.2.00.360516 **Description** A command injection issue was discovered, allowing attackers to inject malicious commands via the `id email check btn` field. This could potentially grant unauthorized access or control. The vulnerability is related to the lack of protection of the web page structure in the Linksys E8450 Wi-Fi router's firmware. **Recommendations** For version 1.2.00.360516, update to a newer version to prevent potential exploitation. As a temporary workaround, consider restricting access to the `id email check btn` field until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linksys E8450 version 1.2.00.360516 **Description** The issue is related to a buffer overflow vulnerability in the Linksys E8450 Wi-Fi router's firmware. This vulnerability is caused by the lack of size verification when copying input data, specifically the `hidden dhcp num` field, to the stack. An attacker could exploit this vulnerability to cause a denial of service. **Recommendations** For Linksys E8450 version 1.2.00.360516, consider disabling the `strcpy` function or restricting access to the vulnerable `hidden dhcp num` parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linksys E8450 version 1.2.00.360516 **Description** The issue is related to a buffer overflow vulnerability in the Linksys E8450 Wi-Fi router's firmware. This vulnerability is caused by the lack of size verification when copying input data, specifically in the `dhcpstart ip` field, which is then copied to the stack. An attacker could exploit this vulnerability to cause a denial of service. **Recommendations** For version 1.2.00.360516, as a temporary workaround, consider restricting access to the vulnerable `dhcpstart ip` field until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linksys E8450 version 1.2.00.360516 **Description** The issue is related to a buffer overflow vulnerability. The `anonymous protect status` field is copied to the stack without length verification, which can be exploited by a remote attacker to execute arbitrary code or cause a denial of service. The vulnerability is also associated with the `sub 422eb8` function and the `strncpy` parameter, where the buffer is copied without checking the size of the input data. **Recommendations** For Linksys E8450 version 1.2.00.360516, consider disabling the `sub 422eb8` function or restricting the use of the `anonymous protect status` field until a patch is available. Avoid using the `strncpy` parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linksys E8450 version 1.2.00.360516 **Description** The issue is related to a buffer overflow vulnerability. The `ipv6 protect status` field is copied to the stack without length verification, which can lead to a buffer overflow. This potentially allows attackers to execute arbitrary code on the affected device. The vulnerability is related to the function `sub 422eb8` and the use of `strncpy` without checking the size of the input data. **Recommendations** For Linksys E8450 version 1.2.00.360516, as a temporary workaround, consider restricting access to the `ipv6 protect status` field until a patch is available. Additionally, avoid using the `strncpy` function without proper length verification to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linksys E8450 version 1.2.00.360516 **Description** A command injection issue was discovered via `wizard status`, allowing for potential exploitation. **Recommendations** For Linksys E8450 version 1.2.00.360516, consider restricting access to the `wizard status` endpoint as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linksys E8450 version 1.2.00.360516 **Description** A buffer overflow issue was discovered, where the `lan ipaddr` field is copied to the stack without length verification. This could allow a remote attacker to cause a denial of service. The vulnerability is related to the `sub 422eb8` function and the `strcpy` parameter, which involves copying a buffer without checking the size of the input data. **Recommendations** For Linksys E8450 version 1.2.00.360516, consider disabling the `sub 422eb8` function as a temporary workaround until a patch is available. Restrict access to the `lan ipaddr` field to minimize the risk of exploitation. Avoid using the `strcpy` parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linksys E8450 version 1.2.00.360516 **Description** A buffer overflow issue was discovered, where the `action` field is copied to the stack without length verification. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability is related to the `sub 422eb8` function in the Wi-Fi router's firmware. **Recommendations** For Linksys E8450 version 1.2.00.360516, consider disabling the `sub 422eb8` function as a temporary workaround until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the `action` field in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.