Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Tue, 23 Sep 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:o:dlink:dir-615h_firmware:*:*:*:*:*:*:*:* |
Tue, 23 Sep 2025 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Dlink
Dlink dir-615h Dlink dir-615h Firmware |
|
CPEs | cpe:2.3:h:dlink:dir-615h:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-615h_firmware:8.04:*:*:*:*:*:*:* |
|
Vendors & Products |
Dlink
Dlink dir-615h Dlink dir-615h Firmware |
|
Metrics |
cvssV3_1
|
Tue, 05 Aug 2025 11:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
D-link
D-link dir-615 |
|
Vendors & Products |
D-link
D-link dir-615 |
Mon, 04 Aug 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 01 Aug 2025 21:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An authenticated OS command injection vulnerability exists in various D-Link routers (tested on DIR-615H1 running firmware version 8.04) via the tools_vct.htm endpoint. The web interface fails to sanitize input passed from the ping_ipaddr parameter to the tools_vct.htm diagnostic interface, allowing attackers to inject arbitrary shell commands using backtick encapsulation. With default credentials, an attacker can exploit this blind injection vector to execute arbitrary commands. | |
Title | D-Link Routers tools_vct.htm OS Command Injection | |
Weaknesses | CWE-78 | |
References |
|
|
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2025-08-04T14:23:46.719Z
Reserved: 2025-08-01T17:05:01.077Z
Link: CVE-2013-10059

Updated: 2025-08-04T14:23:40.550Z

Status : Analyzed
Published: 2025-08-01T21:15:28.000
Modified: 2025-09-23T19:10:54.760
Link: CVE-2013-10059

No data.

Updated: 2025-08-05T11:39:01Z