CVE-2013-10059

HIGH

D-Link DIR-615H1 <8.04 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2013-10059. PoCs published by Metasploit, m-1-k-3, including Metasploit module exploits/linux/http/dlink_dir615_up_exec.

AI-analyzed exploit summary This Metasploit module exploits an authenticated OS command injection vulnerability in D-Link DIR-615h routers. It leverages default credentials to inject commands via the `ping_ipaddr` parameter, enabling arbitrary payload execution through wget.

Description

An authenticated OS command injection vulnerability exists in various D-Link routers (tested on DIR-615H1 running firmware version 8.04) via the tools_vct.htm endpoint. The web interface fails to sanitize input passed from the ping_ipaddr parameter to the tools_vct.htm diagnostic interface, allowing attackers to inject arbitrary shell commands using backtick encapsulation. With default credentials, an attacker can exploit this blind injection vector to execute arbitrary commands.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotehardware
https://www.exploit-db.com/exploits/25609

This Metasploit module exploits an authenticated OS command injection vulnerability in D-Link DIR-615h routers. It leverages default credentials to inject commands via the `ping_ipaddr` parameter, enabling arbitrary payload execution through wget.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: D-Link DIR-615h (Firmware 8.04)
Auth required
Prerequisites: Network access to the router's web interface · Valid credentials (default: admin/admin or admin/password)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by m-1-k-3 · textwebappshardware
https://www.exploit-db.com/exploits/24477

This exploit demonstrates an OS command injection vulnerability in D-Link DIR-615 routers via the `ping_ipaddr` parameter. It allows authenticated attackers to execute arbitrary shell commands, such as starting a telnet daemon or uploading a backdoor.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: D-Link DIR-615, Firmware Version 8.04 (Tue, 4, Sep, 2012 and Fri, 18, Jan, 2013)
Auth required
Prerequisites: Authenticated access to the router's web interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
rubypocunix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/dlink_dir615_up_exec.rb

This Metasploit module exploits an authenticated OS command injection vulnerability in D-Link DIR-615 routers (CVE-2013-10059). It leverages default credentials to inject commands via the `ping_ipaddr` parameter, enabling arbitrary payload execution through wget.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: D-Link DIR-615 (Firmware 8.04)
Auth required
Prerequisites: Network access to the router's web interface · Valid credentials (default: admin/admin or admin/password)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v3 7.2
EPSS 0.1911
EPSS Percentile 97.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-78
Status published
Products (2)
D-Link/DIR-615H1 < 8.04
dlink/dir-615h_firmware < 8.04
Published Aug 01, 2025
Tracked Since Feb 18, 2026