CVE-2013-3307 HIGH

CVE-2013-3307

Vendor Linksys

Product E1000

Weakness CWE-78

Published July 11, 2025

Last update July 11, 2025

View on NVD All CVEs

CVSS base score

8.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 allow OS command injection via shell metacharacters in the apply.cgi ping_ip parameter on TCP port 52000.

Key dates

02Disclosure timeline

July 11, 2025 CVE published

July 11, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2013-3307 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

Identifiers

CVE CVE-2013-3307

CWE CWE-78

CVSS 8.3 / HIGH

Affected versions

Vendor Linksys

Product E1000

Affected ≤ 2.1.02

Vendor Linksys

Product E1200

Affected < 2.0.05

Vendor Linksys

Product E3200

Affected ≤ 1.0.04

CVE-2013-3307

01Description

02Disclosure timeline

03References

04Related CVE