CVE-2013-10060

HIGH

Netgear router <1.0.0.36 - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2013-10060. PoCs were published by Metasploit and m-1-k-3, including the Metasploit module `exploits/linux/http/netgear_dgn2200b_pppoe_exec`.

AI-analyzed exploit summary: This Metasploit module exploits an authenticated OS command injection vulnerability in Netgear DGN2200B routers via the pppoe.cgi interface. It allows remote command execution by injecting commands into the pppoe_username parameter.

Description

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the pppoe_username parameter. This flaw allows full compromise of the device and may persist across reboots unless configuration is restored.

Exploits (3)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · hardware
https://www.exploit-db.com/exploits/24974

This Metasploit module exploits an authenticated OS command injection vulnerability in Netgear DGN2200B routers via the pppoe.cgi interface. It allows remote command execution by injecting commands into the pppoe_username parameter.

Classification
Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Netgear DGN2200B
Auth required
Prerequisites: Network access to the router's web interface · Valid credentials (default: admin/admin or admin/password)
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC
by m-1-k-3 · text · webapps · hardware
https://www.exploit-db.com/exploits/24513

This exploit demonstrates an OS command injection vulnerability in Netgear DGN2200B routers via the `pppoe_username` parameter, allowing arbitrary shell command execution. It also includes details on insecure cryptographic storage and stored XSS vulnerabilities.

Classification
Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Netgear DGN2200B Firmware V1.0.0.36_7.0.36
Auth required
Prerequisites: Network access to the router's web interface · Valid authentication credentials
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · MANUAL
ruby · poc · unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/netgear_dgn2200b_pppoe_exec.rb

This Metasploit module exploits an authenticated OS command injection vulnerability in Netgear DGN2200B routers via the pppoe.cgi interface. It allows remote command execution by injecting commands into the PPPoE configuration parameters.

Classification
Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Netgear DGN2200B
Auth required
Prerequisites: Network access to the target device · Valid credentials for the web interface (default: admin/admin or admin/password)
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.2
EPSS 0.0455
EPSS Percentile 90.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-78
Status published
Products (2)
Netgear/DGN2200B < 1.0.0.36
netgear/dgn2200b_firmware < 1.1.0.36
Published Aug 01, 2025
Tracked Since Feb 18, 2026