Login Sign Up

CVE-2013-4658

9.8 CRITICAL
Path Traversal

📋 TL;DR

CVE-2013-4658 is a critical SMB symlink traversal vulnerability in Linksys EA6500 routers that allows attackers to create symbolic links pointing outside the Samba share boundaries. This enables unauthorized access to sensitive files and directories on the router's filesystem. Affected users are those running vulnerable firmware versions on Linksys EA6500 routers with SMB sharing enabled.

💻 Affected Systems

Products:
  • Linksys EA6500
Versions: Firmware versions prior to the fix (specific version unknown from references)
Operating Systems: Embedded Linux on Linksys routers
Default Config Vulnerable: ⚠️ Yes
Notes: Requires SMB sharing to be enabled, which may be default or user-configured. Older firmware versions are definitely vulnerable.

📦 What is this software?

Ea6500 Firmware by Linksys

View all CVEs affecting Ea6500 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router compromise leading to credential theft, malware installation, network pivoting to internal systems, and persistent backdoor access.

🟠

Likely Case

Unauthorized access to router configuration files, user credentials, and sensitive data stored on connected devices via SMB shares.

🟢

If Mitigated

Limited to accessing only intended SMB share directories with proper access controls and network segmentation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires network access to SMB service and some authentication level. Public research and proof-of-concept details exist in referenced materials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown specific version - check Linksys firmware updates

Vendor Advisory: No specific advisory URL found in references

Restart Required: Yes

Instructions:

1. Log into Linksys EA6500 web interface. 2. Navigate to Administration > Firmware Upgrade. 3. Check for and install latest firmware. 4. Reboot router after update.

🔧 Temporary Workarounds

Disable SMB Sharing

all

Turn off SMB file sharing service to eliminate attack surface

Network Segmentation

all

Isolate router management interface and SMB services from untrusted networks

🧯 If You Can't Patch

  • Disable SMB sharing completely if not needed
  • Implement strict firewall rules to limit SMB access to trusted IPs only

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router web interface and compare against latest available version from Linksys

Check Version:

Check via web interface or SSH if available: cat /proc/version or show version

Verify Fix Applied:

Verify firmware version matches or exceeds known patched versions, test SMB access attempts to traverse outside shares

📡 Detection & Monitoring

Log Indicators:

  • Unusual SMB connection attempts
  • Failed authentication attempts to SMB shares
  • File access patterns outside normal share directories

Network Indicators:

  • SMB protocol traffic to router on port 445
  • Unusual file enumeration patterns

SIEM Query:

source="router_logs" AND (protocol="SMB" OR port=445) AND (event="access_denied" OR event="file_access")

📊 Metadata

CVE ID: CVE-2013-4658
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-22
Published: October 25, 2019
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2013-4658, you might also want to check these:

CVE-2024-43955 10.0

CVE-2024-43955 is an unauthenticated path traversal vulnerability in the Droip WordPress plugin that...

Same vulnerability type (CWE-22)
CVE-2025-54261 10.0

This critical path traversal vulnerability in Adobe ColdFusion allows attackers to escape restricted...

Same vulnerability type (CWE-22)
CVE-2024-40628 10.0

This critical vulnerability in JumpServer allows attackers to read arbitrary files from the Celery c...

Same vulnerability type (CWE-22)