CNNVD-202507-1633 Information
CNNVD ID
CNNVD-202507-1633
Related CVE
- CNNVD Published: 2025-07-11
Description (Chinese)
Linksys E1000等都是美国Linksys公司的一款路由器。 Linksys多款产品存在操作系统命令注入漏洞,该漏洞源于TCP端口52000上apply.cgi的ping_ip参数存在shell元字符,可能导致OS命令注入。以下产品和版本受到影响:Linksys E1000 2.1.02及之前版本、E1200 2.0.05之前版本和E3200 1.0.04及之前版本。
Description (English)
Linksys E1,000 are all a router for Linksys in the United States. Linksys multi-products have an OS command leak, which results from the presence of shell characters in the ping ip parameter at TCP port 52000 on apply.cgi, which may lead to an OS command injection. The following products and versions were affected: Linksys E1000 2.1.02 and earlier, E1200 2.005 and E3200 1.0.04 and earlier.
Hazard Level
Medium
Vulnerability Type
操作系统命令注入
Affected Vendor
Linksys
Published
2025-07-11
Last Modified
2026-02-24
References
https://www.trustwave.com/spiderlabs/advisories/TWSL2013-008.txt https://web.archive.org/web/20140421001918/ https://access.redhat.com/security/cve/cve-2013-3307
Patch
https://support.linksys.com/kb/article/1181-cn/
Share on: