CVE-2013-3307

HIGH EXPLOITED

Linksys E1000/E1200/E3200 - Command Injection

Title source: llm

Description

Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 allow OS command injection via shell metacharacters in the apply.cgi ping_ip parameter on TCP port 52000.

Exploits (1)

exploitdb WORKING POC

by m-1-k-3 · textwebappshardware

https://www.exploit-db.com/exploits/26415

View Code ZIP pw:eip

References (1)

[Various Sources] https://web.archive.org/web/20140421001918/https://www.trustwave.com/spiderlabs/advisories/TWSL2013-008.txt

Scores

CVSS v3 8.3

EPSS 0.0259

EPSS Percentile 85.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Details

VulnCheck KEV 2021-11-11

CWE

CWE-78

Status published

Products (3)

Linksys/E1000 < 2.1.02

Linksys/E1200 < 2.0.05

Linksys/E3200 < 1.0.04

Published Jul 11, 2025

Tracked Since Feb 18, 2026