Local File Inclusion Vulnerability in Cisco Linksys E4200 Routers
CVE-2013-2678

8.1HIGH

Key Information:

Vendor
Cisco
Status
Linksys E4200 Firmware
Vendor
CVE Published:
4 February 2020

Summary

The Cisco Linksys E4200 routers suffer from a Local File Inclusion vulnerability due to improper handling of the submit_type parameter in the apply.cgi script. Attackers can exploit this flaw by crafting specific URL requests, potentially leading to exposure of sensitive information or the execution of arbitrary code. This vulnerability highlights the importance of secure coding practices and prompt updates to device firmware to mitigate risks.

References

http://www.securityfocus.com/bid/59710
vdb-entryx_refsource_BID
http://www.exploit-db.com/exploits/25292
exploitx_refsource_EXPLOIT-DB
http://packetstormsecurity.com/files/121551/Cisco-Linksys...
x_refsource_MISC

EPSS Score

93% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.