CVE-2013-10048
CRITICALCVSS v3
9.8
CRITICAL
EPSS Score
59.8%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)—due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privileges, allowing full takeover of the device. This includes launching services such as Telnet, exfiltrating credentials, modifying system configuration, and disrupting availability. The flaw stems from the lack of authentication and inadequate sanitation of the cmd parameter.
Technical Details
- Published
- 8/1/2025
Frequently Asked Questions
What is CVE-2013-10048?
An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)—due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privileges, allowing full takeover of the device. This includes launching services such as Telnet, exfiltrating credentials, modifying system configuration, and disrupting availability. The flaw stems from the lack of authentication and inadequate sanitation of the cmd parameter.
Is CVE-2013-10048 actively exploited?
Active exploitation of CVE-2013-10048 has not been confirmed. The EPSS score is 59.8%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2013-10048?
CVE-2013-10048 has a CVSS v3 base score of 9.8 (CRITICAL severity).
Is CVE-2013-10048 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.