CVE-2013-3307

| EUVD-2013-3243 HIGH
2025-07-11 [email protected]
8.3
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
Analysis Generated
Mar 16, 2026 - 08:18 vuln.today
EUVD ID Assigned
Mar 16, 2026 - 08:18 euvd
EUVD-2013-3243
PoC Detected
Jul 15, 2025 - 13:14 vuln.today
Public exploit code
CVE Published
Jul 11, 2025 - 19:15 nvd
HIGH 8.3

Tags

Command Injection

Description

Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 allow OS command injection via shell metacharacters in the apply.cgi ping_ip parameter on TCP port 52000.

Analysis

CVE-2013-3307 is an OS command injection vulnerability in Linksys wireless routers (E1000, E1200, E3200) that allows unauthenticated remote attackers to execute arbitrary shell commands via unsanitized input in the ping_ip parameter of apply.cgi on port 52000. The vulnerability affects E1000 through v2.1.02, E1200 before v2.0.05, and E3200 through v1.0.04, with a CVSS score of 8.3 reflecting high severity. This vulnerability has known public exploits and represents a critical remote code execution risk on home/small business networking equipment with no authentication required.

Technical Context

The vulnerability exists in the web management interface of Linksys wireless routers, specifically in the apply.cgi script which handles device configuration. The ping_ip parameter, intended to accept an IP address for ping diagnostics, fails to properly sanitize shell metacharacters (such as |, &, ;, $()), allowing attackers to inject arbitrary commands. This is a classic CWE-78 (Improper Neutralization of Special Elements used in an OS Command) vulnerability where user input is passed directly to system command execution functions without filtering. The affected devices run embedded Linux-based firmware accessible via HTTP on port 52000 (typically the internal management port). The root cause is the lack of input validation/sanitization before passing user-controlled data to shell execution functions like system() or similar OS command APIs.

Affected Products

Linksys E1000 wireless router: versions through 2.1.02; Linksys E1200 wireless router: versions before 2.0.05 (vulnerable versions: ≤2.0.04); Linksys E3200 wireless router: versions through 1.0.04. CPE identifiers: cpe:2.3:h:linksys:e1000:*:*:*:*:*:*:*:* (versions ≤2.1.02), cpe:2.3:h:linksys:e1200:*:*:*:*:*:*:*:* (versions <2.0.05), cpe:2.3:h:linksys:e3200:*:*:*:*:*:*:*:* (versions ≤1.0.04). Firmware versions are the primary attack surface; the vulnerability affects stock firmware across all regional variants of these devices.

Remediation

Patch immediately to: Linksys E1000 firmware 2.1.03 or later; Linksys E1200 firmware 2.0.05 or later; Linksys E3200 firmware 1.0.05 or later. Patches are available from Linksys support pages (historically at support.linksys.com/en-us). For devices no longer receiving updates from manufacturer, implement network segmentation: (1) Restrict access to port 52000 (management interface) via firewall rules to trusted internal networks only; (2) Disable remote management features if enabled; (3) Consider replacing end-of-life devices with current-generation equipment receiving security updates. Temporary mitigation (if patching is delayed) includes WAF/reverse proxy rules blocking requests with shell metacharacters in the ping_ip parameter, though this does not address the root cause.

Priority Score

64
Low Medium High Critical
KEV: 0
EPSS: +2.6
CVSS: +42
POC: +20

Share

CVE-2013-3307 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy