A vulnerability has been found in Cisco Linksys E4200 L 1.10 (Router Operating System) and classified as problematic. This vulnerability affects some unknown functionality. The manipulation with an unknown input leads to a information disclosure vulnerability. The CWE definition for the vulnerability is CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. As an impact it is known to affect confidentiality.

The weakness was released 05/06/2013 by Hoyt LLC as confirmed advisory (Blog). The advisory is available at cloudscan.me. This vulnerability was named CVE-2013-2683 since 03/22/2013. The exploitation appears to be easy. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Technical details are unknown but a public exploit is available. This vulnerability is assigned to T1592 by the MITRE ATT&CK project.

A public exploit has been developed by sqlhacker and been published 1 days after the advisory. It is possible to download the exploit at exploit-db.com. It is declared as proof-of-concept.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at Exploit-DB (25292). Entries connected to this vulnerability are available at 8623, 8624, 8625 and 8627.

Productinfo

Type

• Router Operating System

Vendor

• Cisco

Name

• Linksys E4200

Version

• L 1.10

License

• commercial

Support

• end of life (old version)

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion