Samba Symlink Traversal Vulnerability in Linksys EA6500 Router
CVE-2013-4658

9.8CRITICAL

Key Information:

Vendor

Linksys
Status
Ea6500 Firmware
Vendor
CVE Published:
25 October 2019

What is CVE-2013-4658?

The Linksys EA6500 router is vulnerable to a Samba symlink traversal flaw that enables attackers to create symbolic links pointing to files outside of designated Samba shares. This vulnerability can be exploited to gain unauthorized access to sensitive files and directories, thereby potentially compromising the security of the affected network. Proper configurations and security measures are essential to mitigate the risks posed by this issue.

References

https://www.ise.io/casestudies/exploiting-soho-routers/
x_refsource_MISC
https://www.ise.io/soho_service_hacks/
x_refsource_MISC
https://www.ise.io/wp-content/uploads/2017/06/soho_defcon...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.