CVE-2013-10058

Linksys Routers apply.cgi Remote Command Injection

Description

An authenticated OS command injection vulnerability exists in various Linksys router models (tested on WRT160Nv2) running firmware version v2.0.03 via the apply.cgi endpoint. The web interface fails to properly sanitize user-supplied input passed to the ping_size parameter during diagnostic operations. An attacker with valid credentials can inject arbitrary shell commands, enabling remote code execution.

INFO

Published Date :

2025-08-01T20:44:51.202Z

Last Modified :

2025-08-01T20:44:51.202Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2013-10058 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2013-10058.

URL	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/linksys_wrt160nv2_apply_exec.rb
https://web.archive.org/web/20140830181242/http://www.s3cur1ty.de/m1adv2013-012
https://www.exploit-db.com/exploits/24478
https://www.exploit-db.com/exploits/25608
https://www.vulncheck.com/advisories/linksys-legacy-routers-remote-command-injection

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability