CVE-2013-6027

high

Published 2013-10-19 · Modified 2026-04-29

CVSS v3

—

CVSS v2

8.5

VIR risk

8.5

Description

Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to Tools/tools_misc.xgi.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

References

http://pastebin.com/raw.php?i=vbiG42VD
http://www.kb.cert.org/vuls/id/248083
http://pastebin.com/raw.php?i=vbiG42VD
http://www.kb.cert.org/vuls/id/248083

CWEs

CWE-119

Verify integrity in audit chain (admin only). AS-IS.