CVE-2013-3307 | THREATINT

Description

Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 allow OS command injection via shell metacharacters in the apply.cgi ping_ip parameter on TCP port 52000.

PUBLISHED Reserved 2013-04-29 | Published 2025-07-11 | Updated 2025-07-11 | Assigner mitre

HIGH: 8.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status

unknown

Any version

affected

Default status

unaffected

Any version before 2.0.05

affected

Default status

unaffected

Any version

affected

References

web.archive.org/...om/spiderlabs/advisories/TWSL2013-008.txt

cve.org (CVE-2013-3307)

nvd.nist.gov (CVE-2013-3307)

Download JSON