ID

VAR-201302-0561


CVE

CVE-2013-10058


TITLE

Cisco Linksys WRT160N Multiple Security Vulnerabilities

Trust: 0.9

sources: BID: 57887 // CNNVD: CNNVD-201302-354

DESCRIPTION

An authenticated OS command injection vulnerability exists in various Linksys router models (tested on WRT160Nv2) running firmware version v2.0.03 via the apply.cgi endpoint. The web interface fails to properly sanitize user-supplied input passed to the ping_size parameter during diagnostic operations. An attacker with valid credentials can inject arbitrary shell commands, enabling remote code execution. The Cisco Linksys WRT160N is a wireless router device. A directory traversal vulnerability exists in Cisco Linksys WRT160N. An attacker can send a specially crafted URL request containing a "dot" sequence (/../) in the next_page parameter to view any file on the system. A remote command-execution vulnerability 2. A directory-traversal vulnerability 3. A cross-site request-forgery vulnerability 4

Trust: 3.33

sources: NVD: CVE-2013-10058 // CNVD: CNVD-2013-01009 // CNVD: CNVD-2013-01014 // CNVD: CNVD-2013-01012 // CNVD: CNVD-2013-01016 // BID: 57887

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 2.4

sources: CNVD: CNVD-2013-01009 // CNVD: CNVD-2013-01014 // CNVD: CNVD-2013-01012 // CNVD: CNVD-2013-01016

AFFECTED PRODUCTS

vendor: cisco, model: linksys wrt160n build, scope: eq, version: 2.0.03009

Trust: 2.4

sources: CNVD: CNVD-2013-01009 // CNVD: CNVD-2013-01014 // CNVD: CNVD-2013-01012 // CNVD: CNVD-2013-01016

CVSS

SEVERITY

CVSSV2

CVSSV3

disclosure@vulncheck.com: CVE-2013-10058
value: HIGH

Trust: 1.0

sources: NVD: CVE-2013-10058

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

sources: NVD: CVE-2013-10058

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201302-354

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 57887

EXTERNAL IDS

db: EXPLOIT-DB, id: 24478

Trust: 3.4

db: BID, id: 57887

Trust: 3.3

db: EXPLOIT-DB, id: 25608

Trust: 1.0

db: NVD, id: CVE-2013-10058

Trust: 1.0

db: CNVD, id: CNVD-2013-01009

Trust: 0.6

db: CNVD, id: CNVD-2013-01014

Trust: 0.6

db: CNVD, id: CNVD-2013-01012

Trust: 0.6

db: CNVD, id: CNVD-2013-01016

Trust: 0.6

db: CNNVD, id: CNNVD-201302-354

Trust: 0.6

sources: CNVD: CNVD-2013-01009 // CNVD: CNVD-2013-01014 // CNVD: CNVD-2013-01012 // CNVD: CNVD-2013-01016 // BID: 57887 // CNNVD: CNNVD-201302-354 // NVD: CVE-2013-10058

REFERENCES

url:http://www.exploit-db.com/exploits/24478/http

Trust: 2.4

url:https://web.archive.org/web/20140830181242/http://www.s3cur1ty.de/m1adv2013-012

Trust: 1.0

url:https://www.exploit-db.com/exploits/25608

Trust: 1.0

url:https://www.vulncheck.com/advisories/linksys-legacy-routers-remote-command-injection

Trust: 1.0

url:https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/linksys_wrt160nv2_apply_exec.rb

Trust: 1.0

url:https://www.exploit-db.com/exploits/24478

Trust: 1.0

url:http://www.securityfocus.com/bid/57887

Trust: 0.6

sources: CNVD: CNVD-2013-01009 // CNVD: CNVD-2013-01014 // CNVD: CNVD-2013-01012 // CNVD: CNVD-2013-01016 // CNNVD: CNNVD-201302-354 // NVD: CVE-2013-10058

CREDITS

Michael Messner

Trust: 0.9

sources: BID: 57887 // CNNVD: CNNVD-201302-354

SOURCES

db: CNVD, id: CNVD-2013-01009
db: CNVD, id: CNVD-2013-01014
db: CNVD, id: CNVD-2013-01012
db: CNVD, id: CNVD-2013-01016
db: BID, id: 57887
db: CNNVD, id: CNNVD-201302-354
db: NVD, id: CVE-2013-10058

LAST UPDATE DATE

2025-08-06T23:24:33.105000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-01009, date: 2013-02-19T00:00:00
db: CNVD, id: CNVD-2013-01014, date: 2013-02-19T00:00:00
db: CNVD, id: CNVD-2013-01012, date: 2013-02-19T00:00:00
db: CNVD, id: CNVD-2013-01016, date: 2013-02-19T00:00:00
db: BID, id: 57887, date: 2013-05-21T07:53:00
db: CNNVD, id: CNNVD-201302-354, date: 2013-02-22T00:00:00
db: NVD, id: CVE-2013-10058, date: 2025-08-06T14:15:35.933

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2013-01009, date: 2013-02-19T00:00:00
db: CNVD, id: CNVD-2013-01014, date: 2013-02-19T00:00:00
db: CNVD, id: CNVD-2013-01012, date: 2013-02-19T00:00:00
db: CNVD, id: CNVD-2013-01016, date: 2013-02-19T00:00:00
db: BID, id: 57887, date: 2013-02-11T00:00:00
db: CNNVD, id: CNNVD-201302-354, date: 2013-02-22T00:00:00
db: NVD, id: CVE-2013-10058, date: 2025-08-01T21:15:27.833