ByteOS Network

DIR-300

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2013-10048

Assigner-VulnCheck

View Details

Assigner-VulnCheck

CVSS Score-9.3||CRITICAL

EPSS-2.60% / 85.04%

7 Day CHG+1.03%

Published-01 Aug, 2025 | 20:39

Updated-04 Aug, 2025 | 15:15

D-Link Devices command.php Unauthenticated RCE

An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)—due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privileges, allowing full takeover of the device. This includes launching services such as Telnet, exfiltrating credentials, modifying system configuration, and disrupting availability. The flaw stems from the lack of authentication and inadequate sanitation of the cmd parameter.

Vendor-D-Link Corporation

Product-DIR-300 DIR-600

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-0717

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-5.3||MEDIUM

EPSS-28.39% / 96.34%

7 Day CHG+4.52%

Published-19 Jan, 2024 | 15:31

Updated-30 May, 2025 | 14:26

D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure

A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability.

Vendor-D-Link Corporation

Product-dwr-953 dir-853_firmware dir-853 dsl-2640u_firmware dvg-5402g\/gfru_firmware dsl-245gr dir-822 dir-841 dvg-n5402g\/il_firmware dir-825acg1_firmware dir-843_firmware dir-620s dvg-5402g_firmware dvg-5402g\/gfru dir-620s_firmware dir-620 dir-1260 dvg-5402g dir-825_firmware dir-806a dir-615_firmware dir-615gf dir-878 dir-816_firmware dir-615s dir-820 dvg-n5402g dir-842 dir-2150 dwm-312w_firmware dir-806a_firmware dsl-224 dsl-245gr_firmware dir-615t_firmware dir-825acf dir-815s dir-x1530 dwm-321 dir-825ac_firmware dvg-n5402g\/il dwr-953_firmware dir-882 dir-815s_firmware dir-842_firmware dir-615t dir-825 dir-300 dsl-224_firmware dsl-g2452gr_firmware dap-1360_firmware dir-1210 dwr-921 dsl-2750u_firmware dsl-2750u dsl-2640u dir-816 dir-843 dir-841_firmware dir-615gf_firmware dir-878_firmware dsl-g2452gr dir-1260_firmware dir-615s_firmware dir-x1860_firmware dap-1360 dir-842s_firmware dir-825ac dir-x1530_firmware dir-842s dir-820_firmware dir-300_firmware dir-822_firmware dir-825acf_firmware dir-620_firmware dir-1210_firmware dwm-321_firmware dvg-n5402g_firmware dwr-921_firmware dir-815_firmware dwm-312w dir-815 dir-815\/ac_firmware dir-815\/ac dir-x1860 dir-882_firmware dir-825acg1 dir-615 dir-2150_firmware DIR-815S DIR-816 DWM-321 DIR-843 DIR-806A DVG-N5402G-IL DWM-312W DIR-620S DSL-2750U DIR-882 DIR-815AC DAP-1360 DIR-615 DSL-G2452GR DIR-X1530 DIR-822 DIR-825AC DIR-842S DVG-N5402G DSL-245GR DIR-841 DIR-825 DSL-224 DIR-825ACG1 DIR-X1860 DIR-853 DIR-615GF DIR-815 DIR-2150 DSL-2640U DIR-1210 DIR-825ACF DVG-5402GFRU DWR-921 Good Line Router v2 DIR-615S DIR-1260 DIR-820 DIR-878 DIR-615T DWR-953 DIR-300 DIR-620 DVG-5402G DIR-842

CWE ID-CWE-200

Exposure of Sensitive Information to an Unauthorized Actor