Sign-up

ID

VAR-202508-0132


CVE

CVE-2013-10069


TITLE

D-Link DIR-600 Command Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-18551

DESCRIPTION

The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to spawn a Telnet service on a specified port, enabling persistent interactive shell access as root. The D-Link DIR-600 is a wireless router from D-Link, a Chinese company. An attacker could exploit this vulnerability to cause command injection

Trust: 1.44

sources: NVD: CVE-2013-10069 // CNVD: CNVD-2025-18551

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-18551

AFFECTED PRODUCTS

vendor:d linkmodel:dir-600 rev b 2.14b01scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-18551

CVSS

SEVERITY

CVSSV2

CVSSV3

disclosure@vulncheck.com: CVE-2013-10069
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2025-18551
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-18551
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2025-18551 // NVD: CVE-2013-10069

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

sources: NVD: CVE-2013-10069

EXTERNAL IDS

db:NVDid:CVE-2013-10069

Trust: 1.6

db:EXPLOIT-DBid:24453

Trust: 1.0

db:CNVDid:CNVD-2025-18551

Trust: 0.6

sources: CNVD: CNVD-2025-18551 // NVD: CVE-2013-10069

REFERENCES

url:https://www.vulncheck.com/advisories/dlink-devices-unauth-rce

Trust: 1.0

url:https://web.archive.org/web/20150428184723/http://www.s3cur1ty.de/m1adv2013-003

Trust: 1.0

url:https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/admin/http/dlink_dir_300_600_exec_noauth.rb

Trust: 1.0

url:https://www.exploit-db.com/exploits/24453

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2013-10069

Trust: 0.6

sources: CNVD: CNVD-2025-18551 // NVD: CVE-2013-10069

SOURCES

db:CNVDid:CNVD-2025-18551
db:NVDid:CVE-2013-10069

LAST UPDATE DATE

2025-08-17T23:25:25.834000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-18551date:2025-08-15T00:00:00
db:NVDid:CVE-2013-10069date:2025-08-06T18:15:28.547

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-18551date:2025-08-14T00:00:00
db:NVDid:CVE-2013-10069date:2025-08-05T20:15:35.690