{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-30T02:10:11.060","vulnerabilities":[{"cve":{"id":"CVE-2013-10069","sourceIdentifier":"disclosure@vulncheck.com","published":"2025-08-05T20:15:35.690","lastModified":"2026-06-16T23:50:38.640","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to spawn a Telnet service on a specified port, enabling persistent interactive shell access as root."},{"lang":"es","value":"La interfaz web de varios routers D-Link, incluyendo el DIR-600 rev B (?2.14b01) y el DIR-300 rev B (?2.13), contiene una vulnerabilidad de inyección de comandos del sistema operativo no autenticados en command.php, que gestiona incorrectamente el parámetro POST cmd. Un atacante remoto puede explotar esta vulnerabilidad sin autenticación para generar un servicio Telnet en un puerto específico, lo que permite el acceso persistente al shell interactivo como root."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"D-Link","product":"DIR-600 rev B","defaultStatus":"unaffected","modules":["command.php"],"versions":[{"version":"0","lessThanOrEqual":"2.14b01","versionType":"custom","status":"affected"}]},{"vendor":"D-Link","product":"DIR-300 rev B","defaultStatus":"unaffected","modules":["command.php"],"versions":[{"version":"0","lessThanOrEqual":"2.13","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-08-06T17:54:19.302646Z","id":"CVE-2013-10069","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dir-600_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.14b01","matchCriteriaId":"0F87BB64-EF06-4511-9F07-231D4045CE45"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dir-600:b:*:*:*:*:*:*:*","matchCriteriaId":"AC7A081E-5CA0-4B32-97B6-B9B0BACDF2ED"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dir-300_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.13","matchCriteriaId":"DB8FDB5F-A68F-4548-8329-40BDBF70479A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dir-300:b:*:*:*:*:*:*:*","matchCriteriaId":"3C94BE4B-01ED-4300-AEA0-498D3DCF608D"}]}]}],"references":[{"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/admin/http/dlink_dir_300_600_exec_noauth.rb","source":"disclosure@vulncheck.com","tags":["Exploit"]},{"url":"https://web.archive.org/web/20150428184723/http://www.s3cur1ty.de/m1adv2013-003","source":"disclosure@vulncheck.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/24453","source":"disclosure@vulncheck.com","tags":["Exploit"]},{"url":"https://www.vulncheck.com/advisories/dlink-devices-unauth-rce","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/24453","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit"]}]}}]}