CRITICAL🇵🇱 Wersja polska

CVE-2013-10069

CVSS 10.0v4.0pub. 2025-08-05upd. 2025-09-23

The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to spawn a Telnet service on a specified port, enabling persistent interactive shell access as root.

🤖 AI Analysis
How it works

The vulnerability results from improper handling of a POST parameter named 'cmd' in the command.php file — user input is passed directly to a system call without proper validation or sanitization (CWE-78). An attacker can craft an appropriate HTTP request and inject arbitrary operating system commands. The described example of exploitation is running the Telnet service on a specified port, which provides persistent, interactive access to the system shell with root privileges.

Impact

The attacker gains full, persistent access to the operating system shell with root privileges without needing any credentials, enabling complete device takeover, modification of its configuration, and further lateral movement in the network.

Mitigation & patch

Patches available from the manufacturer should be applied according to references. Due to the age of the devices and lack of active manufacturer support, replacement with a newer model covered by support is recommended. As an interim workaround, access to the router's web interface from external networks should be blocked and local access should be restricted only to trusted hosts using a firewall.

Who is affected

D-Link DIR-600 rev B with firmware version ≤2.14b01 and D-Link DIR-300 rev B with firmware version ≤2.13

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Dlink Dir 300

    HW
    Dlink
    b
  • Dlink Dir 300 Firmware

    OS
    Dlink
    ≤ 2.13
  • Dlink Dir 600

    HW
    Dlink
    b
  • Dlink Dir 600 Firmware

    OS
    Dlink
    ≤ 2.14b01
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2018-25115CRITICAL10.0PL ✓ten sam produkt

D-Link DIR-series — nieuwierzytelniony command injection w service.cgi (root RCE)

CVE-2013-10048CRITICAL9.3PL ✓ten sam produkt

D-Link DIR-300/DIR-600: nieuwierzytelniony command injection z uprawnieniami root

CVE-2024-41616CRITICAL9.8PL ✓ten sam produkt

D-Link DIR-300: zakodowane na stałe dane uwierzytelniające w usłudze Telnet

CVE-2023-33625CRITICAL9.8ten sam produkt

D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulner...

CVE-2023-33626CRITICAL9.8ten sam produkt

D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the g...