Intrusion Prevention

Linksys.Routers.Apply.CGI.Parameters.Multiple.Vulnerabilities

Description

This indicates an attack attempt to exploit one or more vulnerabilities in Linksys E1500 / E2500.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application when parsing HTTP requests to apply.cgi. In the worse case scenario, a remote attacker may be able to exploit this to execute arbitrary code within the context of the application, via a crafted HTTP request.

Affected Products

Linksys E1500 Firmware-Version v1.0.00 v1.0.04 v1.0.05
Linksys E2500 Firmware-Version v1.0.03
Linksys WRT160Nv2 Firmware-Version v2.0.03 build 009

Impact

System Compromise: Remote attackers can execute arbitrary code on vulnerable systems.

Recommended Actions

Currently we are unaware of any vendor supplied patch or updates available for this issue.

CVE References

CVE-2013-2678