mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-21 17:16:51 +02:00
0xMarcio
1.1 KiB
1.1 KiB
CVE-2013-10069
&color=brightgreen)
Description
The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to spawn a Telnet service on a specified port, enabling persistent interactive shell access as root.
POC
Reference
- https://www.exploit-db.com/exploits/24453
- https://www.vulncheck.com/advisories/dlink-devices-unauth-rce
Github
No PoCs found on GitHub currently.