CVE-2013-10069 – D-Link Router OS Command Injection Vulnerability

CVE ID : CVE-2013-10069

Published : Aug. 5, 2025, 8:15 p.m. | 1 hour, 29 minutes ago

Description : The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to spawn a Telnet service on a specified port, enabling persistent interactive shell access as root.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…