CVE-2013-10062

MEDIUM

Linksys router <1.0.00-1.0.05 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-10062. PoCs published by m-1-k-3, including Metasploit module auxiliary/scanner/http/linksys_e1500_traversal.

AI-analyzed exploit summary: This exploit demonstrates an OS command injection vulnerability in Linksys E1500/E2500 routers via the `ping_size` parameter in `apply.cgi`, allowing arbitrary command execution. It also includes examples of directory traversal, CSRF, XSS, and password change vulnerabilities.

Description

A directory traversal vulnerability exists in Linksys router's web interface (tested on the E1500 model firmware versions 1.0.00, 1.0.04, and 1.0.05), specifically in the /apply.cgi endpoint. Authenticated attackers can exploit the next_page POST parameter to access arbitrary files outside the intended web root by injecting traversal sequences. This allows exposure of sensitive system files and configuration data.

Exploits (2)

exploitdb WORKING POC VERIFIED
by m-1-k-3 · text · webapps · hardware
https://www.exploit-db.com/exploits/24475

This exploit demonstrates an OS command injection vulnerability in Linksys E1500/E2500 routers via the `ping_size` parameter in `apply.cgi`, allowing arbitrary command execution. It also includes examples of directory traversal, CSRF, XSS, and password change vulnerabilities.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Linksys E1500/E2500 firmware versions v1.0.00 - v1.0.05
Auth required
Prerequisites: Authentication credentials · Network access to the router's web interface
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/linksys_e1500_traversal.rb

This Metasploit module exploits a directory traversal vulnerability in Linksys E1500 routers by sending crafted POST requests to 'apply.cgi' with traversal sequences. It attempts to read sensitive files from the filesystem after authenticating with provided credentials.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Linksys E1500 router firmware
Auth required
Prerequisites: Valid admin credentials for the router · Network access to the router's web interface
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v4: 6.9
EPSS: 0.0134
EPSS Percentile: 67.6%
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-22
Status: published
Products (3):
Linksys/E1500 1.0.00
Linksys/E1500 1.0.04
Linksys/E1500 1.0.05
Published: Aug 01, 2025
Tracked Since: Feb 18, 2026