CVE-2013-10050 in DIR-300 Rev A

Summary

by MITRE • 08/02/2025

An OS command injection vulnerability exists in multiple D-Link routers (confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13) via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid credentials to inject arbitrary shell commands. Exploitation enables full device compromise, including spawning a telnet daemon and establishing a root shell. The vulnerability is present in firmware versions that expose tools_vct.xgi and use the Mathopd/1.5p6 web server. No vendor patch is available, and affected models are end-of-life.


Analysis

by VulDB Data Team • 05/26/2026

The vulnerability identified as CVE-2013-10050 represents a critical operating system command injection flaw affecting multiple D-Link router models including the DIR-300 revision A with firmware version 1.05 and DIR-615 revision D with firmware version 4.13. This security weakness resides within the authenticated administrative interface of these network devices, specifically targeting the tools_vct.xgi Common Gateway Interface endpoint that processes user input through the pingIp parameter. The flaw stems from inadequate input validation and sanitization mechanisms that fail to properly filter or escape malicious payloads submitted by authenticated users, creating a pathway for arbitrary code execution at the operating system level.

Exploitation works by manipulating the pingIp parameter of the tools_vct.xgi CGI script, which incorporates user-supplied input directly into system commands without proper sanitization. This command injection enables an attacker with valid administrative credentials to execute arbitrary shell commands on the affected devices, effectively granting complete control over the router's operating system. The attack vector specifically leverages the Mathopd/1.5p6 web server implementation that processes these requests, allowing commands such as spawning a telnet daemon to establish a root shell. This represents a severe privilege escalation vulnerability that transforms legitimate administrative access into full system compromise.

The operational impact of this vulnerability extends beyond simple command execution to encompass complete device takeover and potential network infiltration. Once exploited, attackers can establish persistent access to the router through root shell access, enabling them to modify network configurations, redirect traffic, or use the compromised device as a pivot point for attacking other systems within the network. The vulnerability's presence in end-of-life firmware versions means that affected devices receive no vendor security updates, leaving them permanently exposed to exploitation. This creates a significant risk for organizations still using legacy D-Link routers, as these devices become potential entry points for broader network attacks and can facilitate lateral movement within corporate environments.

Security practitioners should recognize this vulnerability as mapping to CWE-77, Operating System Command Injection, which falls under the broader category of injection flaws in software security. The attack pattern aligns with ATT&CK technique T1059.001 for Command and Scripting Interpreter, specifically targeting the execution of operating system commands. Given the absence of vendor patches and the end-of-life status of affected models, mitigation strategies must focus on network segmentation, access control restrictions, and immediate device replacement or decommissioning. Organizations should implement network monitoring to detect suspicious command execution patterns and consider deploying intrusion detection systems to identify potential exploitation attempts. The vulnerability demonstrates the critical importance of input validation and the dangers of legacy device support in enterprise networking environments where security updates are no longer provided by vendors.
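
One way to apply the monitoring advice above, as an added example that is not part of this entry or of any vendor tooling: a Python filter that scans proxy or gateway access logs for tools_vct.xgi requests whose pingIp value is not a plain IP address or hostname. It assumes Common Log Format entries with pingIp carried in the URL query string; the function names, the hostname allow-list and the log lines are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "tools_vct.xgi"  # endpoint named in the advisory
PARAM = "pingIp"            # parameter named in the advisory
# Assumed allow-list policy: hostnames made of letters, digits, dot and hyphen.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")
# Request line inside a Common Log Format entry (assumed log layout).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def is_safe_target(value):
    """True only for a literal IP address or a plain hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return bool(HOSTNAME_RE.fullmatch(value))

def suspicious_requests(log_lines):
    """Return (client, decoded pingIp) pairs for requests failing the allow-list."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/" + ENDPOINT):
            continue
        # parse_qs percent-decodes, so encoded metacharacters are checked in the clear.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if not is_safe_target(value):
                hits.append((line.split()[0], value))
    return hits

# Constructed sample log lines (not captured traffic); INJECTED is a placeholder.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /tools_vct.xgi?pingIp=192.0.2.1 HTTP/1.1" 200 512',
    '192.0.2.66 - - [01/Jan/2025:10:00:05 +0000] "GET /tools_vct.xgi?pingIp=192.0.2.1%3BINJECTED HTTP/1.1" 200 512',
    '192.0.2.66 - - [01/Jan/2025:10:00:09 +0000] "GET /tools_vct.xgi?pingIp=%60INJECTED%60 HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2025:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"ALERT {client} sent {PARAM}={value!r}")
```

The allow-list approach flags anything that is not a valid ping target instead of enumerating shell metacharacters, so encoded or unusual separators are caught as well.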

Responsible

VulnCheck

Reservation

08/01/2025

Disclosure

08/02/2025

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.80931

KEV

no

Activities

very low
