CVE-2013-10048

CRITICAL

D-Link DIR-300 rev B & DIR-600 <2.13/2.14b01 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2013-10048. PoCs published by Metasploit, m-1-k-3, including Metasploit module exploits/linux/http/dlink_command_php_exec_noauth.

AI-analyzed exploit summary This Metasploit module exploits an unauthenticated remote command execution vulnerability in D-Link routers via the command.php endpoint. It supports two targets: direct command execution and spawning a telnet backdoor service.

Description

An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)—due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privileges, allowing full takeover of the device. This includes launching services such as Telnet, exfiltrating credentials, modifying system configuration, and disrupting availability. The flaw stems from the lack of authentication and inadequate sanitation of the cmd parameter.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotehardware
https://www.exploit-db.com/exploits/27528

This Metasploit module exploits an unauthenticated remote command execution vulnerability in D-Link routers via the command.php endpoint. It supports two targets: direct command execution and spawning a telnet backdoor service.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: D-Link DIR-600 (2.14b01), DIR-300 rev B (2.13), and potentially other models
No auth needed
Prerequisites: Network access to the vulnerable D-Link router's web interface
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WRITEUP
by m-1-k-3 · textwebappshardware
https://www.exploit-db.com/exploits/24453

This is a detailed vulnerability writeup for an unauthenticated OS command injection vulnerability in D-Link DIR-600 and DIR-300 routers. The vulnerability allows arbitrary command execution via the 'cmd' parameter in /command.php, enabling attackers to start a telnet server or extract credentials.

Classification
Writeup 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: D-Link DIR-600 / DIR-300 (Firmware versions 2.12, 2.13, 2.14)
No auth needed
Prerequisites: Network access to the vulnerable device
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
rubypocunix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/dlink_command_php_exec_noauth.rb

This Metasploit module exploits an unauthenticated remote command execution vulnerability in D-Link routers via the command.php endpoint. It spawns a telnet service on a random port and establishes a session for command execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: D-Link DIR-600 (2.14b01), DIR-300 rev B (2.13)
No auth needed
Prerequisites: Network access to the vulnerable D-Link router
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v3 9.8
EPSS 0.7558
EPSS Percentile 98.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-78
Status published
Products (4)
D-Link/DIR-300 < 2.13
D-Link/DIR-600 < 2.14b01
dlink/dir-300_firmware < 2.13
dlink/dir-600_firmware < 2.14b01
Published Aug 01, 2025
Tracked Since Feb 18, 2026