Security Update News
Update Information
| Title | CVE-2013-3307 |
|---|---|
| Update ID | AKB:E01AEC4F-3ECA-4354-8483-8BFDC7C4E877 |
| Type | attackerkb |
| Published | 2025-07-11T00:00:00 |
| Last Updated | 2025-07-12T00:00:00 |
Security Impact
| CVSS Score | 8.3 |
|---|---|
| Severity | HIGH |
AI Analysis
| AI Description | This vulnerability allows attackers to inject OS commands on Linksys E1000, E1200, and E3200 routers via the apply.cgi ping_ip parameter. It can enable remote code execution, potentially leading to full device control. Exploited by botnets like BotenaGo, it poses a significant risk for large-scale attacks. |
|---|---|
| AI Severity | High |
| AI Vendor | Belkin |
| AI Product | Linksys E1000, E1200, E3200 |
| AI Version | 2.1.02, 2.0.05, 1.0.04 |
Affected CVEs
- CVE-2013-3307
Update Details
Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 allow OS command injection via shell metacharacters in the apply.cgi ping_ip parameter on TCP port 52000.
**Recent assessments:**
**gwillcox-r7** at November 21, 2021 10:11pm UTC reported:
Bug in Linksys X3000 1.0.03 build 001 currently being exploited in the wild by the BotenaGo botnet which is targeting routers to build its botnet out. Likely trying to use this bug to build a network of zombie routers similar to the Mirai botnet and then use that along with amplification attacks to perform DoS attacks.
More info available at https://cybersecurity.att.com/blogs/labs-research/att-alien-labs-finds-new-golang-malwarebotenago-targeting-millions-of-routers-and-iot-devices-with-more-than-30-exploits
Assessed Attacker Value: 0