Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Description (CVE.org)
Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 allow OS command injection via shell metacharacters in the apply.cgi ping_ip parameter on TCP port 52000.
Analysis (AI)
CVE-2013-3307 is an OS command injection vulnerability in Linksys wireless routers (E1000, E1200, E3200) that allows unauthenticated remote attackers to execute arbitrary shell commands via unsanitized input in the ping_ip parameter of apply.cgi on port 52000. The vulnerability affects E1000 through v2.1.02, E1200 before v2.0.05, and E3200 through v1.0.04, with a CVSS score of 8.3 reflecting high severity. This vulnerability has known public exploits and represents a critical remote code execution risk on home/small business networking equipment with no authentication required.
Technical Context (AI)
The vulnerability exists in the web management interface of Linksys wireless routers, specifically in the apply.cgi script which handles device configuration. The ping_ip parameter, intended to accept an IP address for ping diagnostics, fails to properly sanitize shell metacharacters (such as |, &, ;, $()), allowing attackers to inject arbitrary commands. This is a classic CWE-78 (Improper Neutralization of Special Elements used in an OS Command) vulnerability where user input is passed directly to system command execution functions without filtering. The affected devices run embedded Linux-based firmware accessible via HTTP on port 52000 (typically the internal management port). The root cause is the lack of input validation/sanitization before passing user-controlled data to shell execution functions like system() or similar OS command APIs.
Remediation (AI)
Patch immediately to: Linksys E1000 firmware 2.1.03 or later; Linksys E1200 firmware 2.0.05 or later; Linksys E3200 firmware 1.0.05 or later. Patches are available from Linksys support pages (historically at support.linksys.com/en-us). For devices no longer receiving updates from the manufacturer, implement network segmentation: (1) Restrict access to port 52000 (management interface) via firewall rules to trusted internal networks only; (2) Disable remote management features if enabled; (3) Consider replacing end-of-life devices with current-generation equipment receiving security updates. Temporary mitigation (if patching is delayed) includes WAF/reverse proxy rules blocking requests with shell metacharacters in the ping_ip parameter, though this does not address the root cause.
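The root-cause fix described above, as an added example (not Linksys firmware code and not taken from this page): a CGI-style handler that accepts ping_ip only when it parses as an IPv4 literal and then starts ping through an argv vector instead of a shell. The function names ping_ip_is_valid and run_ping are hypothetical; a POSIX system with a ping binary on PATH is assumed.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allowlist check: accept only a dotted-quad IPv4 literal. inet_pton()
 * rejects every other byte sequence, so |, &, ;, $(), spaces and newlines
 * never reach the command. Hypothetical helper name. */
int ping_ip_is_valid(const char *ping_ip)
{
    struct in_addr addr;
    if (ping_ip == NULL || strlen(ping_ip) > 15) /* "255.255.255.255" */
        return 0;
    return inet_pton(AF_INET, ping_ip, &addr) == 1;
}

/* Start ping with an argument vector: no shell parses the value, so the
 * parameter can only ever be one argument to one program.
 * Returns ping's exit status, or -1 if the input was rejected or the
 * process could not be started. Hypothetical helper name. */
int run_ping(const char *ping_ip)
{
    if (!ping_ip_is_valid(ping_ip))
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = {"ping", "-c", "1", (char *)ping_ip, NULL};
        execvp("ping", argv);
        _exit(127); /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample inputs, not captured traffic. */
    const char *samples[] = {"192.168.1.1", "192.168.1.1;id", "$(id)", "1.2.3"};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-18s -> %s\n", samples[i],
               ping_ip_is_valid(samples[i]) ? "accept" : "reject");
    return 0;
}
```

The validation and the shell-free exec are independent layers: either one alone stops metacharacters in ping_ip from becoming a second command, and a proxy-side filter can reuse the same allowlist check.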
EUVD-2013-3243