CVE-2013-2679

EPSS 19.6%

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the (1) log_type, (2) ping_ip, (3) ping_size, (4) submit_type, or (5) traceroute_ip parameter to apply.cgi or (6) new_workgroup or (7) submit_button parameter to storage/apply.cgi.

Affected products

n/a · n/a

public PoCs found — 4

cve_referencepacketstormsecurity.com/files/121551/Cisco-Linksys-E4200-Cross-Site-Scripting-Local-File-Inclusion.htmlunverified exploitdbwww.exploit-db.com/exploits/38501unverified exploitdbwww.exploit-db.com/exploits/25292unverified exploitdbwww.exploit-db.com/exploits/24202unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://osvdb.org/93059 http://osvdb.org/93060 http://packetstormsecurity.com/files/121551/Cisco-Linksys-E4200-Cross-Site-Scripting-Local-File-Inclusion.html https://exchange.xforce.ibmcloud.com/vulnerabilities/84069 http://www.cloudscan.me/2013/05/xss-lfi-linksys-e4200-firmware-0d.html