CVE-2013-10050Dlink · Dir-300_firmware
Vulnerability data via NVD (ingested)
An OS command injection vulnerability exists in multiple D-Link routers (confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13) via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid credentials to inject arbitrary shell commands. Exploitation enables full device compromise, including spawning a telnet daemon and establishing a root shell. The vulnerability is present in firmware versions that expose tools_vct.xgi and use the Mathopd/1.5p6 web server. No vendor patch is available, and affected models are end-of-life.
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
vuln:CVE-2013-10050os:"Dir-300 Firmware"More intel sources (5)
vuln:CVE-2013-10050vulnerabilities.cve_id: CVE-2013-10050CVE-2013-10050CVE-2013-10050"CVE-2013-10050" exploit -site:nvd.nist.gov