1.2 KiB
1.2 KiB
CVE-2013-10062
&color=brightgreen)
Description
A directory traversal vulnerability exists in Linksys router's web interface (tested on the E1500 model firmware versions 1.0.00, 1.0.04, and 1.0.05), specifically in the /apply.cgi endpoint. Authenticated attackers can exploit the next_page POST parameter to access arbitrary files outside the intended web root by injecting traversal sequences. This allows exposure of sensitive system files and configuration data.
POC
Reference
- https://www.exploit-db.com/exploits/24475
- https://www.vulncheck.com/advisories/linksys-legacy-routers-path-traversal