Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Tue, 23 Sep 2025 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Dlink
Dlink dir-300 Dlink dir-300 Firmware Dlink dir-600 Dlink dir-600 Firmware |
|
CPEs | cpe:2.3:h:dlink:dir-300:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-600:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-300_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-600_firmware:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Dlink
Dlink dir-300 Dlink dir-300 Firmware Dlink dir-600 Dlink dir-600 Firmware |
|
Metrics |
cvssV3_1
|
Mon, 04 Aug 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 04 Aug 2025 09:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
D-link
D-link dir-300 D-link dir-600 |
|
Vendors & Products |
D-link
D-link dir-300 D-link dir-600 |
Fri, 01 Aug 2025 21:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)—due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privileges, allowing full takeover of the device. This includes launching services such as Telnet, exfiltrating credentials, modifying system configuration, and disrupting availability. The flaw stems from the lack of authentication and inadequate sanitation of the cmd parameter. | |
Title | D-Link Devices command.php Unauthenticated RCE | |
Weaknesses | CWE-78 | |
References |
|
|
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2025-08-04T14:22:11.273Z
Reserved: 2025-08-01T14:08:41.917Z
Link: CVE-2013-10048

Updated: 2025-08-04T14:22:02.588Z

Status : Analyzed
Published: 2025-08-01T21:15:26.567
Modified: 2025-09-23T17:41:57.273
Link: CVE-2013-10048

No data.

Updated: 2025-08-04T08:49:31Z