CVE-2013-10069

CRITICAL

D-Link DIR-600 DIR-300 - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-10069. PoCs published by m-1-k-3, including Metasploit module auxiliary/admin/http/dlink_dir_300_600_exec_noauth.

AI-analyzed exploit summary This is a detailed vulnerability writeup for an unauthenticated OS command injection vulnerability in D-Link DIR-600 and DIR-300 routers. The vulnerability allows arbitrary command execution via the 'cmd' parameter in /command.php, enabling attackers to start a telnet server or extract credentials.

Description

The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to spawn a Telnet service on a specified port, enabling persistent interactive shell access as root.

Exploits (2)

exploitdb WRITEUP

by m-1-k-3 · textwebappshardware

https://www.exploit-db.com/exploits/24453

View Code ZIP pw:eip

This is a detailed vulnerability writeup for an unauthenticated OS command injection vulnerability in D-Link DIR-600 and DIR-300 routers. The vulnerability allows arbitrary command execution via the 'cmd' parameter in /command.php, enabling attackers to start a telnet server or extract credentials.

Classification

Writeup 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: D-Link DIR-600 / DIR-300 (Firmware versions 2.12, 2.13, 2.14)

No auth needed

Prerequisites: Network access to the vulnerable device

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/dlink_dir_300_600_exec_noauth.rb

View Code ZIP pw:eip

This Metasploit module exploits an unauthenticated OS command injection vulnerability in D-Link DIR-600 and DIR-300 routers via the /command.php endpoint. It sends a POST request with a user-supplied command, which is executed on the target device.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: D-Link DIR-600 rev B (firmware 2.14b01 and below), DIR-300 rev B (firmware 2.13 and below)

No auth needed

Prerequisites: Network access to the target device · Vulnerable D-Link router with exposed web interface

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/admin/http/dlink_dir_300_600_exec_noauth.rb

Exploit exploit

https://www.exploit-db.com/exploits/24453

Exploit, Third Party Advisory technical-description exploit

https://web.archive.org/web/20150428184723/http://www.s3cur1ty.de/m1adv2013-003

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/dlink-devices-unauth-rce

Scores

CVSS v3 9.8

EPSS 0.8270

EPSS Percentile 99.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-78

Status published

Products (4)

D-Link/DIR-300 rev B < 2.13

D-Link/DIR-600 rev B < 2.14b01

dlink/dir-300_firmware < 2.13

dlink/dir-600_firmware < 2.14b01

Published Aug 05, 2025

Tracked Since Feb 18, 2026