CVE-2013-5946

CWE-78OS Command Injection4 documents4 sources
Severity
10.0CRITICAL
EPSS
6.3%
top 9.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Dlink Dsr-1000 FirmwareDlink Dsr-1000n FirmwareDlink Dsr-150 Firmware+5 more
Timeline
PublishedDec 19
Latest updateMay 17

Description

The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "Ping or Trace an IP Address" or (2) "Perform a DNS Lookup" section.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages8 packages

NVDdlink/dsr-1000n_firmware1.08b51+11
NVDdlink/dsr-1000_firmware1.08b51+11
NVDdlink/dsr-500n_firmware1.08b51+10

🔴Vulnerability Details

2
GHSA
GHSA-9wg5-5pjg-62hf: The runShellCmd function in systemCheck2022-05-17
CVEList
CVE-2013-5946: The runShellCmd function in systemCheck2013-12-19

💥Exploits & PoCs

1
Exploit-DB
D-Link DSR Router Series - Remote Command Execution2013-12-06
CVE-2013-5946 (CRITICAL CVSS 10) | The runShellCmd function in systemC | cvebase.io