Directory Traversal Vulnerability in Linksys Router Web Interface
CVE-2013-10062
Key Information:
Badges
What is CVE-2013-10062?
A directory traversal vulnerability has been identified in the web interface of Linksys routers, particularly affecting the E1500 model across several firmware versions. This issue enables authenticated attackers to manipulate the next_page POST parameter in the /apply.cgi endpoint, allowing them to navigate the file system outside the designated web root. Successful exploitation could lead to unauthorized access to sensitive system files and configurations, potentially compromising the security of the router and the network it serves.
Affected Version(s)
E1500 1.0.00
E1500 1.0.04
E1500 1.0.05
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved