ID

VAR-202508-0132


CVE

CVE-2013-10069


TITLE

OS command injection vulnerability in D-Link Corporation DIR-600 and DIR-300 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-014667

DESCRIPTION

The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to spawn a Telnet service on a specified port, enabling persistent interactive shell access as root. An OS command injection vulnerability exists in the DIR-600 and DIR-300 firmware from D-Link Corporation. As a result, information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. The D-Link DIR-600 is a wireless router from D-Link, a Chinese company. An attacker could exploit this vulnerability to cause command injection.

Trust: 2.16

sources: NVD: CVE-2013-10069 // JVNDB: JVNDB-2025-014667 // CNVD: CNVD-2025-18551

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-18551

AFFECTED PRODUCTS

vendor: dlink, model: dir-600, scope: lte, version: 2.14b01

Trust: 1.0

vendor: dlink, model: dir-300, scope: lte, version: 2.13

Trust: 1.0

vendor: d link, model: dir-600, scope: -, version: -

Trust: 0.8

vendor: d link, model: dir-300, scope: -, version: -

Trust: 0.8

vendor: d link, model: dir-600 rev b 2.14b01, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-18551 // JVNDB: JVNDB-2025-014667 // NVD: CVE-2013-10069

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-10069
value: CRITICAL

Trust: 1.0

disclosure@vulncheck.com: CVE-2013-10069
value: CRITICAL

Trust: 1.0

NVD: CVE-2013-10069
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-18551
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-18551
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2013-10069
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2013-10069
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-18551 // JVNDB: JVNDB-2025-014667 // NVD: CVE-2013-10069 // NVD: CVE-2013-10069

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:OS Command injection (CWE-78) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-014667 // NVD: CVE-2013-10069

EXTERNAL IDS

db: NVD, id: CVE-2013-10069

Trust: 3.2

db: EXPLOIT-DB, id: 24453

Trust: 1.8

db: JVNDB, id: JVNDB-2025-014667

Trust: 0.8

db: CNVD, id: CNVD-2025-18551

Trust: 0.6

sources: CNVD: CNVD-2025-18551 // JVNDB: JVNDB-2025-014667 // NVD: CVE-2013-10069

REFERENCES

url:https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/admin/http/dlink_dir_300_600_exec_noauth.rb

Trust: 1.8

url:https://web.archive.org/web/20150428184723/http://www.s3cur1ty.de/m1adv2013-003

Trust: 1.8

url:https://www.exploit-db.com/exploits/24453

Trust: 1.8

url:https://www.vulncheck.com/advisories/dlink-devices-unauth-rce

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2013-10069

Trust: 1.4

sources: CNVD: CNVD-2025-18551 // JVNDB: JVNDB-2025-014667 // NVD: CVE-2013-10069

SOURCES

db: CNVD, id: CNVD-2025-18551
db: JVNDB, id: JVNDB-2025-014667
db: NVD, id: CVE-2013-10069

LAST UPDATE DATE

2025-10-02T23:14:09.448000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-18551, date: 2025-08-15T00:00:00
db: JVNDB, id: JVNDB-2025-014667, date: 2025-09-30T07:54:00
db: NVD, id: CVE-2013-10069, date: 2025-09-23T18:37:48.680

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-18551, date: 2025-08-14T00:00:00
db: JVNDB, id: JVNDB-2025-014667, date: 2025-09-30T00:00:00
db: NVD, id: CVE-2013-10069, date: 2025-08-05T20:15:35.690