VYPR
Unrated severity · NVD Advisory · Published Aug 5, 2025 · Updated Apr 7, 2026

D-Link Devices Unauthenticated RCE

CVE-2013-10069

Description

The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to spawn a Telnet service on a specified port, enabling persistent interactive shell access as root.

Affected products

  • Dlink/DIR-600 (2 versions)
    • (no CPE) range: ≤2.14b01
    • (no CPE) range: *
  • Dlink/DIR-300 (2 versions)
    • (no CPE) range: ≤2.13
    • (no CPE) range: *
