CVE-2013-1599

CRITICAL EXPLOITED

Dlink Dcs-3411 Firmware - OS Command Injection

Title source: rule
STIX 2.1

Exploitation Summary

CVE-2013-1599 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Core Security.

AI-analyzed exploit summary This is a detailed advisory from Core Security describing multiple vulnerabilities in D-Link IP cameras, including command injection (CVE-2013-1599), authentication bypass (CVE-2013-1600, CVE-2013-1602), and information leaks (CVE-2013-1601, CVE-2013-1603). It includes technical descriptions and proof-of-concept examples for each vulnerability.

Description

A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04_US, DCS-2102/2121 1.05_RU, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.00, DCS-7410 1.00, DCS-7510 1.00, and WCS-1100 1.02, which could let a remote malicious user execute arbitrary commands through the camera’s web interface.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Core Security · textwebappshardware
https://www.exploit-db.com/exploits/25138

This is a detailed advisory from Core Security describing multiple vulnerabilities in D-Link IP cameras, including command injection (CVE-2013-1599), authentication bypass (CVE-2013-1600, CVE-2013-1602), and information leaks (CVE-2013-1601, CVE-2013-1603). It includes technical descriptions and proof-of-concept examples for each vulnerability.

Classification
Writeup 100%
Attack Type
Rce | Auth Bypass | Info Leak
Complexity
Trivial
Reliability
Reliable
Target: D-Link IP Cameras (multiple models and firmware versions)
No auth needed
Prerequisites: Network access to the vulnerable D-Link IP camera
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/59564
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://www.exploit-db.com/exploits/25138
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/83941
Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/cve/CVE-2013-1599
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
https://seclists.org/fulldisclosure/2013/Apr/253

Scores

CVSS v3 9.8
EPSS 0.9190
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2021-04-12
CWE
CWE-78
Status published
Products (19)
dlink/dcs-1100_firmware 1.03
dlink/dcs-1100_firmware 1.04
dlink/dcs-1100l_firmware 1.04
dlink/dcs-1130_firmware 1.03
dlink/dcs-1130_firmware 1.04
dlink/dcs-1130l_firmware 1.04
dlink/dcs-2102_firmware 1.05
dlink/dcs-2121_firmware 1.05
dlink/dcs-3410_firmware 1.02
dlink/dcs-3411_firmware 1.02
... and 9 more
Published Jan 28, 2020
Tracked Since Feb 18, 2026