CVE-2013-2679
published 2020-02-18CVE-2013-2679: Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web…
PriorityP278medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
19.65%
97.1th percentile
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the (1) log_type, (2) ping_ip, (3) ping_size, (4) submit_type, or (5) traceroute_ip parameter to apply.cgi or (6) new_workgroup or (7) submit_button parameter to storage/apply.cgi.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| belkin | linksys_e4200_firmware | — | — |
Detection & IOCsextracted from sources · hover to see the quote
urlhttp://www.example.com/apply.cgi?submit_button=%27%3b%20%3C%2fscript%3E%3Cscript%3Ealert%281%29%3C%2fscript%3E%20%27↗
- →Monitor HTTP requests to /apply.cgi for XSS payloads in the parameters: log_type, ping_ip, ping_size, submit_type, traceroute_ip ↗
- →Monitor HTTP requests to /storage/apply.cgi for XSS payloads in the parameters: new_workgroup, submit_button ↗
- →Detect URL-encoded script injection patterns (e.g., %3Cscript%3E, %3C%2fscript%3E) in the submit_button parameter of requests to /apply.cgi ↗
- →Exploitation targets Cisco Linksys E4200 running firmware 1.0.05 build 7; alert on web admin interface access from untrusted sources on this firmware version ↗
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vulncheck6.1MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9vc4-43gp-qqx6: Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1
ghsa_unreviewed·2022-05-05
CVE-2013-2679 [MEDIUM] GHSA-9vc4-43gp-qqx6: Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the (1) log_type, (2) ping_ip, (3) ping_size, (4) submit_type, or (5) traceroute_ip parameter to apply.cgi or (6) new_workgroup or (7) submit_button parameter to storage/apply.cgi.
VulnCheck
belkin linksys_e4200_firmware Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck·2013·CVSS 6.1
CVE-2013-2679 [MEDIUM] belkin linksys_e4200_firmware Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
belkin linksys_e4200_firmware Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the (1) log_type, (2) ping_ip, (3) ping_size, (4) submit_type, or (5) traceroute_ip parameter to apply.cgi or (6) new_workgroup or (7) submit_button parameter to storage/apply.cgi.
Affected: belkin linksys_e4200_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.trendmicro.com/en_us/research/18/g/vpnfilter-affected-devices-still-riddled-with-19-vulner
No detection rules found.
Exploit-DB
Cisco Linksys E4200 - Multiple Vulnerabilities
exploitdb·2013-05-07·CVSS 8.1
CVE-2013-2684 [HIGH] Cisco Linksys E4200 - Multiple Vulnerabilities
Cisco Linksys E4200 - Multiple Vulnerabilities
---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
XSS, LFI in Cisco, Linksys E4200 Firmware
URL: http://www.cloudscan.me/2013/05/xss-lfi-linksys-e4200-firmware-0d.html
January 30, 2013
Keywords
XSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection, Exploit,
Zero Day, Cisco, Linksys, E4200, Wireless Router, cyberTAN Corp
CVE-2013-2678, CVE-2013-2679, CVE-2013-2680, CVE-2013-2681, CVE-2013-2682,
CVE-2013-2683, CVE-2013-2684
Summary
Reflected XSS + LFI Bugs in the Cisco, Linksys E4200 Wireless Router
Firmware Version: 1.0.05 build 7 were discovered by our Researchers in
January 2013 and finally acknowledged by Linksys in April 2013. The Vendor
is unable to Patch the Vulnerability in a reasonable timeframe. This
docu
Exploit-DB
Cisco Linksys E4200 - '/apply.cgi' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2013-04-27
CVE-2013-2679 Cisco Linksys E4200 - '/apply.cgi' Multiple Cross-Site Scripting Vulnerabilities
Cisco Linksys E4200 - '/apply.cgi' Multiple Cross-Site Scripting Vulnerabilities
---
source: https://www.securityfocus.com/bid/59558/info
The Cisco Linksys E1200 N300 router is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Cisco Linksys E1200 N300 running firmware 2.0.04 is vulnerable.
http://www.example.com/apply.cgi?submit_button=%27%3b%20%3C%2fscript%3E%3Cscript%3Ealert%281%29%3C%2fscript%3E%20%27
http://www.example.com/apply.cgi?submit_button=index%27%3b%20%3c%2f%73%63%72%69
Exploit-DB
Linksys WRT54GL Firmware 4.30.15 build 2 - Multiple Vulnerabilities
exploitdb·2013-01-18
CVE-2013-2679 Linksys WRT54GL Firmware 4.30.15 build 2 - Multiple Vulnerabilities
Linksys WRT54GL Firmware 4.30.15 build 2 - Multiple Vulnerabilities
---
Device Name: Linksys WRT54GL v1.1
Vendor: Linksys/Cisco
============ Vulnerable Firmware Releases: ============
Firmware Version: 4.30.15 build 2, 01/20/2011
============ Device Description: ============
The Router lets you access the Internet via a wireless connection, broadcast at up to 54 Mbps, or through one of its four switched ports. You can also use the Router to share resources such as computers, printers and files. A variety of security features help to protect your data and your privacy while online. Security features include WPA2 security, a Stateful Packet Inspection (SPI) firewall and NAT technology. Configuring the Router is easy using the provided browser-based utility.
Source: http://homesupport.
Trendmicro
VPNFilter-affected Devices Still Riddled with 19 Bugs
blogs_trendmicro·2018-07-13
VPNFilter-affected Devices Still Riddled with 19 Bugs
IoT
## VPNFilter-affected Devices Still Riddled with 19 Bugs
This blog tackles the VPNFilter malware and if deployed devices are vulnerable to it. Based on our data, plenty of the devices are still using old firmware versions. In fact, 19 known vulnerabilities can still be detected in devices up to this day.
By: Tony Yang, Peter Lee Jul 13, 2018 Read time: ( words)
Save to Folio
Our IoT scanning tool allows users to identify if connected devices (e.g. routers, network attached storage devices, IP cameras, and printers) in a given network are vulnerable to security risks and vulnerabilities, such as those related to Mirai, Reaper, and WannaCry.
We gather our data from the Trend Micro™ Home Network Security solution and HouseCall™ for Home Networks scanner. HouseCall for Home Networks
Trendmicro
VPNFilter-affected Devices Still Riddled with 19 Bugs
blogs_trendmicro·2018-07-13
VPNFilter-affected Devices Still Riddled with 19 Bugs
IoT
# VPNFilter-affected Devices Still Riddled with 19 Bugs
This blog tackles the VPNFilter malware and if deployed devices are vulnerable to it. Based on our data, plenty of the devices are still using old firmware versions. In fact, 19 known vulnerabilities can still be detected in devices up to this day.
By: Tony Yang, Peter Lee
2018/07/13
Read time: ( words)
Save to Folio
Our IoT scanning tool allows users to identify if connected devices (e.g. routers, network attached storage devices, IP cameras, and printers) in a given network are vulnerable to security risks and vulnerabilities, such as those related to Mirai, Reaper, and WannaCry.
We gather our data from the Trend Micro™ Home Network Security solution and HouseCall™ for Home Networks scanner. HouseCall for Home Networks is
Trendmicro
VPNFilter-affected Devices Still Riddled with 19 Bugs
blogs_trendmicro·2018-07-13
VPNFilter-affected Devices Still Riddled with 19 Bugs
IoT
## VPNFilter-affected Devices Still Riddled with 19 Bugs
This blog tackles the VPNFilter malware and if deployed devices are vulnerable to it. Based on our data, plenty of the devices are still using old firmware versions. In fact, 19 known vulnerabilities can still be detected in devices up to this day.
By: Tony Yang, Peter Lee 2018/07/13 Read time: ( words)
Save to Folio
Our IoT scanning tool allows users to identify if connected devices (e.g. routers, network attached storage devices, IP cameras, and printers) in a given network are vulnerable to security risks and vulnerabilities, such as those related to Mirai, Reaper, and WannaCry.
We gather our data from the Trend Micro™ Home Network Security solution and HouseCall™ for Home Networks scanner. HouseCall for Home Networks is
http://osvdb.org/93059http://osvdb.org/93060http://packetstormsecurity.com/files/121551/Cisco-Linksys-E4200-Cross-Site-Scripting-Local-File-Inclusion.htmlhttp://www.cloudscan.me/2013/05/xss-lfi-linksys-e4200-firmware-0d.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/84069http://osvdb.org/93059http://osvdb.org/93060http://packetstormsecurity.com/files/121551/Cisco-Linksys-E4200-Cross-Site-Scripting-Local-File-Inclusion.htmlhttp://www.cloudscan.me/2013/05/xss-lfi-linksys-e4200-firmware-0d.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/84069
2020-02-18
Published
Exploited in the wild