CVE-2013-10048

CRITICAL

CVSS v3

9.8

CRITICAL

EPSS Score

59.8%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)—due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privileges, allowing full takeover of the device. This includes launching services such as Telnet, exfiltrating credentials, modifying system configuration, and disrupting availability. The flaw stems from the lack of authentication and inadequate sanitation of the cmd parameter.

Technical Details

Published
8/1/2025

Frequently Asked Questions

What is CVE-2013-10048?

An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)—due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privileges, allowing full takeover of the device. This includes launching services such as Telnet, exfiltrating credentials, modifying system configuration, and disrupting availability. The flaw stems from the lack of authentication and inadequate sanitation of the cmd parameter.

Is CVE-2013-10048 actively exploited?

Active exploitation of CVE-2013-10048 has not been confirmed. The EPSS score is 59.8%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2013-10048?

CVE-2013-10048 has a CVSS v3 base score of 9.8 (CRITICAL severity).

Is CVE-2013-10048 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.