CVE-2013-3307

No Score

Description

Linksys X3000 is vulnerable to an OS command injection vulnerability. The vulnerability is caused by missing input validation in the ping_ip parameter and can be exploited to inject and execute arbitrary shell commands. You need to be authenticated to the device or you have to find other methods for inserting the malicious commands.

References

Exploits
More

https://thehackernews.com/2025/01/hackers-exploit-zero-day-in-cnpilot.html

https://thehackernews.com/2025/01/mirai-botnet-variant-exploits-four.html

https://securityaffairs.com/172805/malware/gayfemboy-mirai-botnet-four-faith-flaw.html

https://blog.xlab.qianxin.com/gayfemboy/

https://blog.xlab.qianxin.com/catddos-derivative-en/

https://www.exploit-db.com/exploits/26415

Details

Source: Mitre, NVD

Published: 2024-10-25