PT-2025-31993 · D Link · Dir-300 Rev B+1

Published: 2012-12-14 · Updated: 2025-08-05 · CVE-2013-10069

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

D-Link routers versions prior to 2.14b01 (DIR-600 rev B)
D-Link routers versions prior to 2.13 (DIR-300 rev B)

Description

The web interface of multiple D-Link routers contains an unauthenticated operating system command injection vulnerability in the command.php file, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to start a Telnet service on a specified port, gaining persistent interactive shell access as root.

Recommendations

For D-Link routers versions prior to 2.14b01 (DIR-600 rev B), update to version 2.14b01 or later.
For D-Link routers versions prior to 2.13 (DIR-300 rev B), update to version 2.13 or later.
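
To apply the recommendations above across a device inventory, the following added example (not part of the original advisory or any D-Link tooling) compares reported firmware against the fixed versions listed here. It assumes version strings have the `major.minor[bNN]` shape seen in "2.14b01", treats a missing build suffix as build 0, and uses constructed inventory rows.

```python
import re

# Fixed firmware versions as stated in the advisory above.
FIXED = {
    ("DIR-600", "B"): "2.14b01",
    ("DIR-300", "B"): "2.13",
}

# Assumption: versions look like "2.13" or "2.14b01", optionally prefixed with "v".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:b(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Turn '2.14b01' into (2, 14, 1); a missing build suffix counts as build 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    major, minor, build = m.groups()
    return int(major), int(minor), int(build or 0)


def assess(model, revision, firmware):
    """Classify one device against the advisory's fixed versions."""
    fixed = FIXED.get((model.strip().upper(), revision.strip().upper()))
    if fixed is None:
        return "not-listed"        # model/revision is not covered by this advisory
    try:
        current = parse_version(firmware)
    except ValueError:
        return "unknown-version"   # cannot compare: needs manual review
    return "vulnerable" if current < parse_version(fixed) else "fixed"


# Constructed inventory rows (not real devices): model, hardware revision, firmware.
INVENTORY = [
    ("DIR-600", "B", "2.13b01"),
    ("DIR-600", "B", "2.14b01"),
    ("DIR-300", "B", "2.12"),
    ("dir-300", "b", "v2.13"),
    ("DIR-300", "B", "custom-build"),
    ("EXAMPLE-1", "A", "1.00"),
]


def audit(inventory):
    """Return each inventory row with its assessment appended."""
    return [(m, r, fw, assess(m, r, fw)) for m, r, fw in inventory]


if __name__ == "__main__":
    for row in audit(INVENTORY):
        print("{:10} rev {:2} fw {:13} -> {}".format(*row))
```

Rows that come back as `unknown-version` should be checked by hand rather than assumed safe.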

Exploit

Fix

Weakness Enumeration

OS Command Injection

Related Identifiers

BDU:2025-09595
CVE-2013-10069

Affected Products

Dir-300 Rev B
Dir-600 Rev B