ID

VAR-202508-0048


CVE

CVE-2013-10059


TITLE

OS command injection vulnerability in D-Link Corporation DIR-615 Rev.H1 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-014640

DESCRIPTION

An authenticated OS command injection vulnerability exists in various D-Link routers (tested on DIR-615H1 running firmware version 8.04) via the tools_vct.htm endpoint. The web interface fails to sanitize input passed from the ping_ipaddr parameter to the tools_vct.htm diagnostic interface, allowing attackers to inject arbitrary shell commands using backtick encapsulation. With default credentials, an attacker can exploit this blind injection vector to execute arbitrary commands. The device may also be left in a denial-of-service (DoS) state. The D-Link DIR-615H1 is a wireless router from D-Link, a Chinese company. The D-Link DIR-615H1 suffers from a command injection vulnerability caused by insufficient input sanitization in the tools_vct.htm endpoint. This vulnerability could allow an attacker to execute code remotely.

Trust: 2.16

sources: NVD: CVE-2013-10059 // JVNDB: JVNDB-2025-014640 // CNVD: CNVD-2025-18478

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-18478

AFFECTED PRODUCTS

vendor: dlink, model: dir-615h, scope: lte, version: 8.04

Trust: 1.0

vendor: d link, model: dir-615 rev.h1, scope: -, version: -

Trust: 0.8

vendor: d link, model: dir-615 rev.h1, scope: lte, version: dir-615 rev.h1 firmware 8.04 and earlier

Trust: 0.8

vendor: d link, model: dir-615 rev.h1, scope: eq, version: -

Trust: 0.8

vendor: d link, model: dir-615h1, scope: eq, version: 8.04

Trust: 0.6

sources: CNVD: CNVD-2025-18478 // JVNDB: JVNDB-2025-014640 // NVD: CVE-2013-10059

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-10059
value: HIGH

Trust: 1.0

disclosure@vulncheck.com: CVE-2013-10059
value: HIGH

Trust: 1.0

NVD: CVE-2013-10059
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-18478
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-18478
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2013-10059
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2013-10059
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-18478 // JVNDB: JVNDB-2025-014640 // NVD: CVE-2013-10059 // NVD: CVE-2013-10059

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:OS Command injection (CWE-78) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-014640 // NVD: CVE-2013-10059

EXTERNAL IDS

db: NVD, id: CVE-2013-10059

Trust: 3.2

db: EXPLOIT-DB, id: 24477

Trust: 1.8

db: EXPLOIT-DB, id: 25609

Trust: 1.8

db: JVNDB, id: JVNDB-2025-014640

Trust: 0.8

db: CNVD, id: CNVD-2025-18478

Trust: 0.6

sources: CNVD: CNVD-2025-18478 // JVNDB: JVNDB-2025-014640 // NVD: CVE-2013-10059

REFERENCES

url:https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dlink_dir615_up_exec.rb

Trust: 1.8

url:https://web.archive.org/web/20150921102603/http://www.s3cur1ty.de/m1adv2013-008

Trust: 1.8

url:https://www.exploit-db.com/exploits/24477

Trust: 1.8

url:https://www.exploit-db.com/exploits/25609

Trust: 1.8

url:https://www.vulncheck.com/advisories/d-link-legacy-os-command-injection

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2013-10059

Trust: 0.8

url:https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/

Trust: 0.6

sources: CNVD: CNVD-2025-18478 // JVNDB: JVNDB-2025-014640 // NVD: CVE-2013-10059

SOURCES

db: CNVD, id: CNVD-2025-18478
db: JVNDB, id: JVNDB-2025-014640
db: NVD, id: CVE-2013-10059

LAST UPDATE DATE

2025-10-02T23:30:44.378000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-18478, date: 2025-08-14T00:00:00
db: JVNDB, id: JVNDB-2025-014640, date: 2025-09-30T01:16:00
db: NVD, id: CVE-2013-10059, date: 2025-09-23T19:10:54.760

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-18478, date: 2025-08-14T00:00:00
db: JVNDB, id: JVNDB-2025-014640, date: 2025-09-30T00:00:00
db: NVD, id: CVE-2013-10059, date: 2025-08-01T21:15:28