virus logo Intrusion Prevention

Linksys.Routers.Apply.CGI.Parameters.Multiple.Vulnerabilities

description-logoDescription

This indicates an attack attempt to exploit one or more vulnerabilities in Linksys E1500 / E2500.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application when parsing HTTP requests to apply.cgi. In the worse case scenario, a remote attacker may be able to exploit this to execute arbitrary code within the context of the application, via a crafted HTTP request.

affected-products-logoAffected Products

Linksys E1500 Firmware-Version v1.0.00 v1.0.04 v1.0.05
Linksys E2500 Firmware-Version v1.0.03
Linksys WRT160Nv2 Firmware-Version v2.0.03 build 009
Linksys X3000 Firmware-Version v1.0.03 build 001

Impact logoImpact

System Compromise: Remote attackers can execute arbitrary code on vulnerable systems.

recomended-action-logoRecommended Actions

Currently we are unaware of any vendor supplied patch or updates available for this issue.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

http://www.s3cur1ty.de/m1adv2013-004 http://www.exploit-db.com/exploits/24478/ http://www.exploit-db.com/exploits/24475/ https://www.exploit-db.com/exploits/26415/
ID 35093
Created Apr 25, 2013
Updated May 25, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2013-3307 CVE-2013-2678
Exploit Prediction Score 92.97%
Default Action drop
Active
Affected OS Other
Affected App Other