CVE-2013-10050

HIGH

D-Link DIR-300/615 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2013-10050. PoCs published by Metasploit, m-1-k-3, including Metasploit module exploits/linux/http/dlink_dir300_exec_telnet.

AI-analyzed exploit summary This Metasploit module exploits an unauthenticated remote command execution vulnerability in D-Link routers via the `tools_vct.xgi` endpoint. It supports two exploitation methods: direct command execution or spawning a telnet backdoor service.

Description

An OS command injection vulnerability exists in multiple D-Link routers (confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13) via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid credentials to inject arbitrary shell commands. Exploitation enables full device compromise, including spawning a telnet daemon and establishing a root shell. The vulnerability is present in firmware versions that expose tools_vct.xgi and use the Mathopd/1.5p6 web server. No vendor patch is available, and affected models are end-of-life.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotehardware
https://www.exploit-db.com/exploits/27428

This Metasploit module exploits an unauthenticated remote command execution vulnerability in D-Link routers via the `tools_vct.xgi` endpoint. It supports two exploitation methods: direct command execution or spawning a telnet backdoor service.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: D-Link DIR-300 rev A v1.05, DIR-615 rev D v4.13, and potentially other D-Link devices
Auth required
Prerequisites: Network access to the target device · Valid credentials (default: admin/admin)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by m-1-k-3 · textwebappshardware
https://www.exploit-db.com/exploits/25024

This exploit demonstrates a stored XSS vulnerability in D-Link DIR-635 firmware 2.34EU, where malicious JavaScript can be injected into the SSID parameter. It also includes details on reflected XSS, CSRF, and an authentication bypass for password changes.

Classification
Working Poc 100%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: D-Link DIR-635 Firmware 2.34EU
Auth required
Prerequisites: Authenticated access to the router's web interface
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
rubypocunix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/dlink_dir300_exec_telnet.rb

This Metasploit module exploits an unauthenticated remote command execution vulnerability in D-Link routers via command injection in the `tools_vct.xgi` endpoint. It authenticates, triggers a telnet service on a random port, and establishes a reverse shell.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: D-Link routers (e.g., DIR-300, DIR-600)
Auth required
Prerequisites: Network access to the target device · Valid credentials (default: admin/admin)
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (6)

Core 6

Scores

CVSS v3 8.8
EPSS 0.0964
EPSS Percentile 94.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-78
Status published
Products (4)
D-Link/DIR-300 rev A < 1.05
D-Link/DIR-615 rev D < 4.13
dlink/dir-300_firmware < 1.05
dlink/dir-615_firmware < 4.13
Published Aug 01, 2025
Tracked Since Feb 18, 2026