CVE-2013-10058

HIGH

Linksys router <v2.0.03 - Command Injection

Title source: llm

Description

An authenticated OS command injection vulnerability exists in various Linksys router models (tested on WRT160Nv2) running firmware version v2.0.03 via the apply.cgi endpoint. The web interface fails to properly sanitize user-supplied input passed to the ping_size parameter during diagnostic operations. An attacker with valid credentials can inject arbitrary shell commands, enabling remote code execution.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotehardware

https://www.exploit-db.com/exploits/25608

View Code ZIP pw:eip

exploitdb WORKING POC

by m-1-k-3 · textwebappshardware

https://www.exploit-db.com/exploits/24478

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/linksys_wrt160nv2_apply_exec.rb

View Code ZIP pw:eip

References (5)

[Various Sources] https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/linksys_wrt160nv2_apply_exec.rb

[Various Sources] https://web.archive.org/web/20140830181242/http://www.s3cur1ty.de/m1adv2013-012

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/24478

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/25608

[Third Party Advisory] https://www.vulncheck.com/advisories/linksys-legacy-routers-remote-command-injection

Scores

CVSS v4 8.6

EPSS 0.5079

EPSS Percentile 97.9%

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-78

Status published

Products (1)

Linksys/WRT160nv2 2.0.03

Published Aug 01, 2025

Tracked Since Feb 18, 2026