HOMEVULNERABILITIESCVE-2013-5946
CRITICAL

CVE-2013-5946

CWE-78Published: December 19, 2013· Updated: Jun 16, 2026

10.0
CVSS v3.1

Official Description

The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "Ping or Trace an IP Address" or (2) "Perform a DNS Lookup" section.

NVD Source

Technical Analysis

CVE-2013-5946 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorNetwork
Attack ComplexityLow
Privileges Req.
User Interaction
Scope
Impact
ConfidentialityC
IntegrityC
AvailabilityC
AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected Vendors & Products

dlink16 product(s)
dsr-500 firmwaredsr-500dsr-150n firmwaredsr-150ndsr-250n firmwaredsr-250ndsr-1000 firmwaredsr-1000dsr-150 firmwaredsr-150dsr-250 firmwaredsr-250+4
Source: NVD CPE · 72 total CPE entries

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (10)

Quick Facts

CVE IDCVE-2013-5946
CVSS Score10.0 / 10
SeverityCRITICAL
WeaknessCWE-78
CISA KEVNo
Affected1 vendor(s)
PublishedDec 19, 2013

Related CVEs (CWE-78)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2013-5946 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.