cbcvebase.
CVE-2013-2679
published 2020-02-18

CVE-2013-2679: Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web…

PriorityP278medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
19.65%
97.1th percentile
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the (1) log_type, (2) ping_ip, (3) ping_size, (4) submit_type, or (5) traceroute_ip parameter to apply.cgi or (6) new_workgroup or (7) submit_button parameter to storage/apply.cgi.

Affected

1 ranges
VendorProductVersion rangeFixed in
belkinlinksys_e4200_firmware

Detection & IOCsextracted from sources · hover to see the quote

urlhttp://www.example.com/apply.cgi?submit_button=%27%3b%20%3C%2fscript%3E%3Cscript%3Ealert%281%29%3C%2fscript%3E%20%27
path/apply.cgi
path/storage/apply.cgi
  • Monitor HTTP requests to /apply.cgi for XSS payloads in the parameters: log_type, ping_ip, ping_size, submit_type, traceroute_ip
  • Monitor HTTP requests to /storage/apply.cgi for XSS payloads in the parameters: new_workgroup, submit_button
  • Detect URL-encoded script injection patterns (e.g., %3Cscript%3E, %3C%2fscript%3E) in the submit_button parameter of requests to /apply.cgi
  • Exploitation targets Cisco Linksys E4200 running firmware 1.0.05 build 7; alert on web admin interface access from untrusted sources on this firmware version

CVSS provenance

nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vulncheck6.1MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.