CVE-2013-10062

A directory traversal vulnerability exists in Linksys router's web interface (tested on the E1500 model firmware versions 1.0.00, 1.0.04, and 1.0.05), specifically in the /apply.cgi endpoint. Authenticated attackers can exploit the next_page POST parameter to access arbitrary files outside the intended web root by injecting traversal sequences. This allows exposure of sensitive system files and configuration data.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
VulnCheckCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/linksys_e1500_traversal.rb
https://web.archive.org/web/20150428184015/http://www.s3cur1ty.de/m1adv2013-004
https://www.exploit-db.com/exploits/24475
https://www.vulncheck.com/advisories/linksys-legacy-routers-path-traversal