Back to search
CVE-2013-10062
Published: Aug 1, 2025
Modified: Apr 7, 2026
PUBLISHED
Description
A directory traversal vulnerability exists in Linksys router's web interface (tested on the E1500 model firmware versions 1.0.00, 1.0.04, and 1.0.05), specifically in the /apply.cgi endpoint. Authenticated attackers can exploit the next_page POST parameter to access arbitrary files outside the intended web root by injecting traversal sequences. This allows exposure of sensitive system files and configuration data.
| Vendor | Product | Versions |
|---|---|---|
Linksys | E1500 | affected 1.0.00affected 1.0.04affected 1.0.05 |
Weaknesses (CWE)
References
https://web.archive.org/web/20150428184015/http://www.s3cur1ty.de/m1adv2013-004
technical-description
exploit
https://www.vulncheck.com/advisories/linksys-legacy-routers-path-traversal
third-party-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now