CVE-2013-10069
Published: 05 August 2025
Summary
CVE-2013-10069 is a critical-severity OS Command Injection (CWE-78) vulnerability in D-Link DIR-600 firmware. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 1.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly prevents OS command injection by requiring validation and sanitization of the cmd POST parameter in command.php.
- SI-2 (Flaw Remediation): Mandates timely remediation of the specific command injection flaw through firmware patching or upgrades for affected D-Link routers.
- AC-14 (Permitted Actions Without Identification or Authentication): Prohibits unauthenticated actions on the web interface, blocking remote exploitation of command.php without identification or authentication.
NVD Description
The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to spawn a Telnet service on a specified port, enabling persistent interactive shell access as root.
Deeper analysis
CVE-2013-10069 is an unauthenticated OS command injection vulnerability (CWE-78) in the web interface of multiple D-Link routers, specifically affecting DIR-600 rev B versions up to 2.14b01 and DIR-300 rev B versions up to 2.13. The flaw resides in the command.php script, which improperly handles the cmd POST parameter, allowing arbitrary command execution. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility and lack of prerequisites.
A remote attacker can exploit this vulnerability without authentication by sending a crafted POST request to command.php. Successful exploitation enables the attacker to spawn a Telnet service on a port of their choice, providing persistent interactive shell access with root privileges. This grants full control over the device, including potential data exfiltration, further network pivoting, or deployment of persistent malware.
Advisories and related resources, such as the archived S3cur1ty.de bulletin (m1adv2013-003) and VulnCheck's advisory on D-Link devices, document the issue alongside public exploit code. A Metasploit auxiliary module (dlink_dir_300_600_exec_noauth) and Exploit-DB entries (e.g., 24453) demonstrate reliable exploitation paths for security testing. No specific patches are detailed in the provided references, underscoring the need for firmware upgrades where available or device replacement for end-of-support models.
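As an added defender-side example (not code from this page, from D-Link, or from any of the referenced advisories), the following Python flags requests that reach command.php with a cmd parameter, regardless of the parameter's value, so that a reverse proxy or IDS in front of an affected router can alert on the request shape the NVD description names. The log line format and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample log lines (assumed format, not real traffic):
# "<client> <method> <path-and-query> <form-body or '-'>"
# Parameter values are deliberately redacted; only the shape matters here.
SAMPLE_LOG = """\
192.0.2.10 POST /command.php cmd=[redacted]
192.0.2.11 GET /login.php -
192.0.2.12 POST /command.php?cmd=[redacted] -
192.0.2.13 POST /tools_admin.php admin_password=[redacted]
"""

LINE_RE = re.compile(
    r"^(?P<src>\S+) (?P<method>[A-Z]+) (?P<target>\S+) (?P<body>\S+)$"
)


def is_command_php_cmd(method, target, body):
    """True when the request targets command.php (in any directory) and
    carries a 'cmd' parameter in the query string or the form body.
    The method is reported, not filtered, so GET variants are caught too."""
    parts = urlsplit(target)
    if parts.path.rstrip("/").split("/")[-1] != "command.php":
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    if body != "-":
        params.update(parse_qs(body, keep_blank_values=True))
    return "cmd" in params


def find_suspect_requests(log_text):
    """Return (client, method, target) for every line that should alert.
    Lines that do not match the assumed format are skipped, not errors."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        if is_command_php_cmd(m["method"], m["target"], m["body"]):
            hits.append((m["src"], m["method"], m["target"]))
    return hits


if __name__ == "__main__":
    for src, method, target in find_suspect_requests(SAMPLE_LOG):
        print(f"ALERT command.php cmd parameter from {src}: {method} {target}")
```

On a device with no legitimate use of command.php, any hit warrants checking the router for an unexpected listening Telnet port and replacing or upgrading the firmware.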
Details
- CWE(s)