CVE-2013-10062
Published 2025-08-01
Priority P345 · medium · 6.9 (CVSS 4.0)
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 1.34% (67.9th percentile)
A directory traversal vulnerability exists in Linksys router's web interface (tested on the E1500 model firmware versions 1.0.00, 1.0.04, and 1.0.05), specifically in the /apply.cgi endpoint. Authenticated attackers can exploit the next_page POST parameter to access arbitrary files outside the intended web root by injecting traversal sequences. This allows exposure of sensitive system files and configuration data.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linksys | e1500 | — | — |
| linksys | e1500 | — | — |
| linksys | e1500 | — | — |
Detection & IOCs (extracted from sources)
- Monitor POST requests to /apply.cgi for directory traversal sequences (e.g., ../, ..%2f, %2e%2e%2f) in the 'next_page' POST parameter, which is the exploited parameter in this vulnerability.
- Target devices are Linksys E1500 routers running firmware versions 1.0.00, 1.0.04, and 1.0.05. Prioritize detection on these specific firmware versions.
- A Metasploit auxiliary scanner module exists for this vulnerability (modules/auxiliary/scanner/http/linksys_e1500_traversal.rb), meaning exploitation attempts may originate from automated Metasploit-based scanning activity.
- Exploitation requires prior authentication; unauthenticated attackers cannot directly exploit this vulnerability. Detection logic should account for authenticated sessions when triaging alerts.
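
One way to implement the first check above, as an added example that is not part of the original page or of any referenced project: it flags POST requests to /apply.cgi whose next_page value contains a `..` path segment, and goes slightly beyond the listed patterns by unwrapping nested percent-encoding and backslash separators. It assumes a proxy or sensor that records request bodies; the function names, the decode-round limit and the sample requests are all constructed for illustration.

```python
from urllib.parse import unquote, urlsplit

MAX_DECODE_ROUNDS = 3  # assumption: how many nested percent-encoding layers to unwrap


def fully_decode(value: str) -> str:
    """Percent-decode repeatedly so a double-encoded %252e%252e%252f becomes ../"""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(value: str) -> bool:
    """True when any path segment of the decoded value is exactly '..'."""
    return ".." in fully_decode(value).replace("\\", "/").split("/")


def flag_request(method: str, url: str, body: str) -> list:
    """Return the raw next_page values of a POST to /apply.cgi that traverse."""
    if method.upper() != "POST" or urlsplit(url).path != "/apply.cgi":
        return []
    hits = []
    for pair in body.split("&"):
        name, _, raw = pair.partition("=")
        if unquote(name) == "next_page" and has_traversal(raw):
            hits.append(raw)
    return hits


# Constructed sample requests (method, URL, form body); not captured traffic.
SAMPLES = [
    ("POST", "/apply.cgi", "other=1&next_page=index.asp"),
    ("POST", "/apply.cgi", "other=1&next_page=../../tmp/example"),
    ("POST", "/apply.cgi", "next_page=..%2f..%2ftmp%2fexample"),
    ("POST", "/apply.cgi", "next_page=%252e%252e%252ftmp%252fexample"),
    ("POST", "/other.cgi", "next_page=../tmp/example"),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        for value in flag_request(method, url, body):
            print(f"ALERT {method} {url} next_page={value}")
```

Because the segment test requires an exact `..` component, benign values such as `a..b.asp` are not flagged.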
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/linksys_e1500_traversal.rb
- https://web.archive.org/web/20150428184015/http://www.s3cur1ty.de/m1adv2013-004
- https://www.exploit-db.com/exploits/24475
- https://www.vulncheck.com/advisories/linksys-legacy-routers-path-traversal