HIGH🇵🇱 Wersja polska

CVE-2013-5946

CVSS 10.0v2.0pub. 2013-12-19upd. 2026-04-29

The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "Ping or Trace an IP Address" or (2) "Perform a DNS Lookup" section.

CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Dlink Dsr 1000

    HW
    Dlink
    wszystkie wersje
  • Dlink Dsr 1000 Firmware

    OS
    Dlink
    1.01b501.02b111.02b251.03b121.03b231.03b271.03b361.03b431.04b581.06b431.06b53≤ 1.08b51
  • Dlink Dsr 1000n

    HW
    Dlink
    wszystkie wersje
  • Dlink Dsr 1000n Firmware

    OS
    Dlink
    1.01b501.02b111.02b251.03b121.03b231.03b271.03b361.03b431.04b581.06b431.06b53≤ 1.08b51
  • Dlink Dsr 150

    HW
    Dlink
    wszystkie wersje
  • Dlink Dsr 150 Firmware

    OS
    Dlink
    1.05b291.05b351.05b461.05b50≤ 1.08b29
  • Dlink Dsr 150n

    HW
    Dlink
    wszystkie wersje
  • Dlink Dsr 150n Firmware

    OS
    Dlink
    ≤ 1.05b48
  • Dlink Dsr 250

    HW
    Dlink
    wszystkie wersje
  • Dlink Dsr 250 Firmware

    OS
    Dlink
    1.01b461.01b561.05b201.05b531.08b31≤ 1.08b39
  • Dlink Dsr 250n

    HW
    Dlink
    wszystkie wersje
  • Dlink Dsr 250n Firmware

    OS
    Dlink
    1.01b461.01b561.05b201.05b531.08b31≤ 1.08b39
  • Dlink Dsr 500

    HW
    Dlink
    wszystkie wersje
  • Dlink Dsr 500 Firmware

    OS
    Dlink
    1.02b111.02b251.03b121.03b231.03b271.03b361.03b431.04b581.06b431.06b53≤ 1.08b51
  • Dlink Dsr 500n

    HW
    Dlink
    wszystkie wersje
  • Dlink Dsr 500n Firmware

    OS
    Dlink
    1.02b111.02b251.03b121.03b231.03b271.03b361.03b431.04b581.06b431.06b53≤ 1.08b51
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2021-39615CRITICAL9.8ten sam produkt

D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passw...

CVE-2020-18568CRITICAL9.8ten sam produkt

The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which ...

CVE-2013-5945CRITICAL9.8ten sam produkt

Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware ...

CVE-2024-57376HIGH8.8ten sam produkt

Buffer Overflow vulnerability in D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, DSR-1000N from 3.13 to...

CVE-2020-25757HIGH8.8ten sam produkt

A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary i...