CVE-2013-10062 | THREATINT

Description

A directory traversal vulnerability exists in Linksys router's web interface (tested on the E1500 model firmware versions 1.0.00, 1.0.04, and 1.0.05), specifically in the /apply.cgi endpoint. Authenticated attackers can exploit the next_page POST parameter to access arbitrary files outside the intended web root by injecting traversal sequences. This allows exposure of sensitive system files and configuration data.

PUBLISHED Reserved 2025-08-01 | Published 2025-08-01 | Updated 2026-04-07 | Assigner VulnCheck

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status

unaffected

1.0.00

affected

1.0.04

affected

1.0.05

affected

Credits

Michael Messner finder

References

web.archive.org/...4015/http://www.s3cur1ty.de/m1adv2013-004 exploit

www.exploit-db.com/exploits/24475 exploit

raw.githubusercontent.com/...http/linksys_e1500_traversal.rb exploit

raw.githubusercontent.com/...http/linksys_e1500_traversal.rb exploit

www.exploit-db.com/exploits/24475 exploit

web.archive.org/...4015/http://www.s3cur1ty.de/m1adv2013-004 technical-description exploit

www.vulncheck.com/...s/linksys-legacy-routers-path-traversal third-party-advisory

cve.org (CVE-2013-10062)

nvd.nist.gov (CVE-2013-10062)

Download JSON

help @ threatint.eu