D Link Dir 300
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in D Link Dir 300.
By the Year
In 2026 there have been 0 vulnerabilities in D Link Dir 300. Last year, in 2025 Dir 300 had 2 security vulnerabilities published. Right now, Dir 300 is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 2 | 0.00 |
It may take a day or so for new Dir 300 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent D Link Dir 300 Security Vulnerabilities
D-Link DIR-300/615 OS Command Injection via tools_vct.xgi
CVE-2013-10050
- August 01, 2025
An OS command injection vulnerability exists in multiple D-Link routersconfirmed on DIR-300 rev A (v1.05) and DIR-615 rev D (v4.13)via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid credentials to inject arbitrary shell commands. Exploitation enables full device compromise, including spawning a telnet daemon and establishing a root shell. The vulnerability is present in firmware versions that expose tools_vct.xgi and use the Mathopd/1.5p6 web server. No vendor patch is available, and affected models are end-of-life.
Shell injection
OS Command Injection in D-Link DIR-300 rev B/600 command.php (before 2.14b01)
CVE-2013-10048
- August 01, 2025
An OS command injection vulnerability exists in various legacy D-Link routersincluding DIR-300 rev B and DIR-600 (firmware 2.13 and 2.14b01, respectively)due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privileges, allowing full takeover of the device. This includes launching services such as Telnet, exfiltrating credentials, modifying system configuration, and disrupting availability. The flaw stems from the lack of authentication and inadequate sanitation of the cmd parameter.
Shell injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for D Link Dir 300 or by D Link? Click the Watch button to subscribe.
