CVE-2013-10058
Published 2025-08-01
Priority P2 (66) · high · 8.6 (CVSS 4.0)
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (all remaining metrics: X)
EXPLOIT
EPSS: 3.10% (86.1th percentile)
An authenticated OS command injection vulnerability exists in various Linksys router models (tested on WRT160Nv2) running firmware version v2.0.03 via the apply.cgi endpoint. The web interface fails to properly sanitize user-supplied input passed to the ping_size parameter during diagnostic operations. An attacker with valid credentials can inject arbitrary shell commands, enabling remote code execution.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linksys | wrt160nv2 | — | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP POST requests to /apply.cgi containing shell metacharacters (e.g., ;, |, &&, `) in the ping_size parameter, which is the injection point for this vulnerability.
- Detect exploitation attempts by looking for outbound TFTP traffic originating from the router following a POST to /apply.cgi; the exploit stages native payloads via the device's built-in tftp client.
- Alert on authentication attempts using default credentials admin/admin or admin/password against Linksys WRT160n web interfaces, as exploitation requires valid credentials and these defaults are commonly used.
- Exploitation requires valid credentials; the attack surface is limited to authenticated sessions. Changing default credentials (admin/admin or admin/password) significantly reduces risk.
- Confirmed affected firmware is v2.0.03 on WRT160Nv2; other Linksys models may also be vulnerable but have not been formally tested.
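
The first detection item above, written as a check over request records; this is an added example, not code from this page or any of its sources. It decodes the form body before matching, because metacharacters normally arrive percent-encoded, and also flags any ping_size that is not a plain number. The `(method, target, body)` record shape, the extra characters `$ ( )` and CR/LF, the 5-digit bound and every sample request are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Metacharacters listed in the guidance above; $ ( ) and CR/LF are an added assumption.
SHELL_META = re.compile(r"[;|&`$()\r\n]")
# Allow-list: a ping size should be a short run of ASCII digits (assumed upper bound).
VALID_SIZE = re.compile(r"[0-9]{1,5}")

def form_values(body, name):
    """Yield every decoded value of `name` in a urlencoded body, repeats included."""
    for pair in body.split("&"):
        key, _, raw = pair.partition("=")
        if unquote_plus(key) == name:
            yield unquote_plus(raw)

def inspect_request(method, target, body):
    """Return findings for one request as (kind, decoded_value, metachars)."""
    if method.upper() != "POST" or urlsplit(target).path != "/apply.cgi":
        return []
    findings = []
    for value in form_values(body, "ping_size"):
        meta = "".join(sorted(set(SHELL_META.findall(value))))
        if meta:
            findings.append(("metachar", value, meta))
        elif not VALID_SIZE.fullmatch(value):
            findings.append(("non_numeric", value, ""))
    return findings

# Constructed request records (method, target, body); not captured traffic.
SAMPLES = [
    ("POST", "/apply.cgi", "x=1&ping_size=32"),
    ("POST", "/apply.cgi", "ping_size=32%3Becho+constructed"),
    ("POST", "/apply.cgi?x=1", "ping_size=%60echo+constructed%60"),
    ("POST", "/apply.cgi", "ping_size=32%26%26echo+constructed"),
    ("POST", "/apply.cgi", "ping_size=32&ping_size=1%7Cecho"),
    ("POST", "/apply.cgi", "ping_size=large"),
    ("GET", "/index.html", ""),
]

def scan(records):
    """Map record index -> findings, keeping only records that alert."""
    return {i: f for i, r in enumerate(records) if (f := inspect_request(*r))}

if __name__ == "__main__":
    for idx, hits in scan(SAMPLES).items():
        print(idx, hits)
```

Checking every repeated ping_size value matters because the detector cannot know which occurrence the device's CGI handler uses.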
No detection rules found.
No writeups or analysis indexed.
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/linksys_wrt160nv2_apply_exec.rb
- https://web.archive.org/web/20140830181242/http://www.s3cur1ty.de/m1adv2013-012
- https://www.exploit-db.com/exploits/24478
- https://www.exploit-db.com/exploits/25608
- https://www.vulncheck.com/advisories/linksys-legacy-routers-remote-command-injection