What is CVE-2013-10069?

CVE-2013-10069 is a vulnerability in D-link Dir-300 Rev B, classified under OS Command Injection. Published 2025-08-05.

Is CVE-2013-10069 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in D-link Dir-300 Rev B

CVE-2013-10069

The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A r…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.812 (99.2th percentile) — read the EPSS interpretation.

Affected products

D-link Dir-300 Rev B — versions 0
D-link Dir-600 Rev B — versions 0

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/… (exploit)
www.exploit-db.com/exploits/24453 (exploit)
web.archive.org/web/20150428184723/http://www.s3cur1ty.de/m1adv2013-003 (technical-description, exploit)
www.vulncheck.com/advisories/dlink-devices-unauth-rce (third-party-advisory)

Frequently asked questions

What is CVE-2013-10069?: CVE-2013-10069 is a vulnerability in D-link Dir-300 Rev B, classified under OS Command Injection. Published 2025-08-05.
Is CVE-2013-10069 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.