Linksys E1500 Directory Traversal Vulnerability

A directory traversal vulnerability has been identified in the Linksys E1500 router's web interface, specifically in the /apply.cgi endpoint. This vulnerability affects firmware versions 1.0.00, 1.0.04, and 1.0.05. Authenticated attackers can exploit the next_page POST parameter to access arbitrary files outside the intended web root by injecting traversal sequences, potentially exposing sensitive system files and configuration data.

Impact

Exploitation of this vulnerability allows authenticated attackers to access arbitrary files on the router, including sensitive system and configuration files.

Reproduction

To reproduce this vulnerability, an authenticated user can send a POST request to the /apply.cgi endpoint with the next_page parameter set to a traversal sequence that includes the desired file path. The injection of traversal sequences can bypass the web root restrictions and access files outside the intended directory.