CVE-2013-10069

The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to spawn a Telnet service on a specified port, enabling persistent interactive shell access as root.

CVSS

No CVSS.

References

Link	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/admin/http/dlink_dir_300_600_exec_noauth.rb
https://web.archive.org/web/20150428184723/http://www.s3cur1ty.de/m1adv2013-003
https://www.exploit-db.com/exploits/24453
https://www.vulncheck.com/advisories/dlink-devices-unauth-rce
https://www.exploit-db.com/exploits/24453

Configurations

No configuration.

History

06 Aug 2025, 18:15

Type	Values Removed	Values Added
References	~~() https://www.exploit-db.com/exploits/24453 -~~	() https://www.exploit-db.com/exploits/24453 -
Summary		(es) La interfaz web de varios routers D-Link, incluyendo el DIR-600 rev B (?2.14b01) y el DIR-300 rev B (?2.13), contiene una vulnerabilidad de inyección de comandos del sistema operativo no autenticados en command.php, que gestiona incorrectamente el parámetro POST cmd. Un atacante remoto puede explotar esta vulnerabilidad sin autenticación para generar un servicio Telnet en un puerto específico, lo que permite el acceso persistente al shell interactivo como root.

05 Aug 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-05 20:15

Updated : 2025-08-06 18:15

NVD link : CVE-2013-10069

Mitre link : CVE-2013-10069

CVE.ORG link : CVE-2013-10069

JSON object : View

Products Affected

No product.

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2013-10069", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 10.0, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-05T20:15:35.690", "references": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/admin/http/dlink_dir_300_600_exec_noauth.rb", "source": "disclosure@vulncheck.com"}, {"url": "https://web.archive.org/web/20150428184723/http://www.s3cur1ty.de/m1adv2013-003", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/24453", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/dlink-devices-unauth-rce", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/24453", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "The web interface of multiple D-Link routers, including DIR-600 rev B (\u22642.14b01) and DIR-300 rev B (\u22642.13), contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to spawn a Telnet service on a specified port, enabling persistent interactive shell access as root."}, {"lang": "es", "value": "La interfaz web de varios routers D-Link, incluyendo el DIR-600 rev B (?2.14b01) y el DIR-300 rev B (?2.13), contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo no autenticados en command.php, que gestiona incorrectamente el par\u00e1metro POST cmd. Un atacante remoto puede explotar esta vulnerabilidad sin autenticaci\u00f3n para generar un servicio Telnet en un puerto espec\u00edfico, lo que permite el acceso persistente al shell interactivo como root."}], "lastModified": "2025-08-06T18:15:28.547", "sourceIdentifier": "disclosure@vulncheck.com"}