What is CVE-2013-10058?

CVE-2013-10058 is a vulnerability in Linksys Wrt160nv2, classified under OS Command Injection. Published 2025-08-01.

Is CVE-2013-10058 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Linksys Wrt160nv2

CVE-2013-10058

An authenticated OS command injection vulnerability exists in various Linksys router models (tested on WRT160Nv2) running firmware version v2.0.03 via the apply.cgi endpoint. The web interface fails to properly sanitize user-supplied input…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.656 (98.5th percentile) — read the EPSS interpretation.

Affected products

Linksys Wrt160nv2 — versions 2.0.03

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/l… (exploit)
www.exploit-db.com/exploits/24478 (exploit)
www.exploit-db.com/exploits/25608 (exploit)
web.archive.org/web/20140830181242/http://www.s3cur1ty.de/m1adv2013-012 (technical-description, exploit)
www.vulncheck.com/advisories/linksys-legacy-routers-remote-command-injection (third-party-advisory)

Frequently asked questions

What is CVE-2013-10058?: CVE-2013-10058 is a vulnerability in Linksys Wrt160nv2, classified under OS Command Injection. Published 2025-08-01.
Is CVE-2013-10058 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.