CVE-2013-2679

Name of the Vulnerable Software and Affected Versions: Cisco Linksys E4200 router version 1.0.05 build 7

Description: Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via vulnerable parameters. The affected parameters include log type, ping ip, ping size, submit type, traceroute ip, new workgroup, and submit button in the "apply.cgi" or "storage/apply.cgi" API endpoints, such as "apply.cgi" and "storage/apply.cgi".

Recommendations: For version 1.0.05 build 7, consider disabling access to the "apply.cgi" and "storage/apply.cgi" API endpoints until a patch is available. Restrict input for the log type, ping ip, ping size, submit type, traceroute ip, new workgroup, and submit button parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.