PT-2025-31696 · Linksys · Linksys Routers
Published
2012-10-21
·
Updated
2025-08-01
·
CVE-2013-10062
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Linksys router versions 1.0.00, 1.0.04, and 1.0.05
Description
A directory traversal vulnerability exists in the web interface, specifically in the
/apply.cgi endpoint. Authenticated attackers can exploit the next page POST parameter to access arbitrary files outside the intended web root by injecting traversal sequences, potentially exposing sensitive system files and configuration data.Recommendations
Linksys router version 1.0.00: Update to a newer firmware version.
Linksys router version 1.0.04: Update to a newer firmware version.
Linksys router version 1.0.05: Update to a newer firmware version.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linksys Routers