Belkin N300

In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible before and after configuring the device, exhibits multiple remote command injection vulnerabilities. The following parameters in the [form name] form; [list vulnerable parameters], are not properly sanitized after being submitted to the web interface in a POST request. With specially crafted parameters, it is possible to inject a an OS command which will be executed with root privileges, as the web interface, and all processes on the device, run as root.

Published: 2022-05-18T15:52:59.000Z
Updated: 2024-08-03T06:40:47.448Z

The Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication and gain privileges via vectors related to incorrect validation of the HTTP Authorization header.

Published: 2014-09-29T22:00:00.000Z
Updated: 2024-08-06T16:00:09.599Z

An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication using "Javascript debugging."

Published: 2020-02-07T18:03:21.000Z
Updated: 2024-08-06T16:00:09.615Z

Multiple cross-site scripting (XSS) vulnerabilities in Belkin N300 router allow remote attackers to inject arbitrary web script or HTML via the Guest Access PSK field to wireless_guest2_print.stm or other unspecified vectors.

Published: 2014-01-30T15:00:00.000Z
Updated: 2024-08-06T16:00:09.709Z

Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin N300 (F7D7301v1) router allows remote attackers to hijack the authentication of administrators for requests that modify configuration.

Published: 2014-09-29T22:00:00.000Z
Updated: 2024-08-06T16:00:09.707Z