Primary

Context

Linksys E-Series Command Injection Vulnerability in apply.cgi Ping_ip Parameter

Vulnerability

Patched

A command injection vulnerability has been identified in Linksys E1000 devices running versions prior to 2.1.02, E1200 devices prior to 2.0.05, and E3200 devices running versions prior to 1.0.04. The issue arises in the apply.cgi file, where shell metacharacters in the ping_ip parameter can be exploited to inject and execute operating system commands. This vulnerability is accessible through TCP port 52000.

Impact

Exploitation of this vulnerability allows for OS command injection, where an attacker can execute arbitrary commands on the device's operating system.

Added: Jul 11, 2025, 7:25 PM

Updated: Jul 11, 2025, 7:25 PM

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

7.5

exploitability

8.4

remediation

7.7

relevance

0.2

threat

6.5

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

7.5

exploitability

8.4

remediation

7.7

relevance

0.2

threat

6.5

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linksys E-Series Command Injection Vulnerability in apply.cgi Ping_ip Parameter

Vulnerability

Impact

Affected Products

Linksys E1200

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating