Description
The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "Ping or Trace an IP Address" or (2) "Perform a DNS Lookup" section.
Published: 2013-12-19
Score: 10.0 Critical
EPSS: 6.3% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2013-5778 The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "Ping or Trace an IP Address" or (2) "Perform a DNS Lookup" section.
History

No history.

Subscriptions

Dlink Dsr-1000 Dsr-1000 Firmware Dsr-1000n Dsr-1000n Firmware Dsr-150 Dsr-150 Firmware Dsr-150n Dsr-150n Firmware Dsr-250 Dsr-250 Firmware Dsr-250n Dsr-250n Firmware Dsr-500 Dsr-500 Firmware Dsr-500n Dsr-500n Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-06T17:29:42.605Z

Reserved: 2013-09-27T00:00:00.000Z

Link: CVE-2013-5946

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2013-12-19T04:24:51.930

Modified: 2026-04-29T01:13:23.040

Link: CVE-2013-5946

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses