CVE-2013-10061

HIGH

Netgear routers <1.1.00.45 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2013-10061. PoCs published by Metasploit, m-1-k-3, including Metasploit module exploits/linux/http/netgear_dgn1000b_setup_exec.

AI-analyzed exploit summary This Metasploit module exploits an authenticated OS command injection vulnerability in Netgear DGN1000B routers via the setup.cgi component. It leverages the TimeToLive parameter to execute arbitrary commands, supporting both direct command execution and MIPS payload deployment.

Description

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi endpoint. The vulnerability arises from improper input neutralization, enabling command injection through crafted POST requests. This flaw enables remote attackers to deploy payloads or manipulate system state post-authentication.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotehardware
https://www.exploit-db.com/exploits/24931

This Metasploit module exploits an authenticated OS command injection vulnerability in Netgear DGN1000B routers via the setup.cgi component. It leverages the TimeToLive parameter to execute arbitrary commands, supporting both direct command execution and MIPS payload deployment.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Netgear DGN1000B
Auth required
Prerequisites: Valid credentials for the router's web interface · Network access to the target device
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC
by m-1-k-3 · textwebappshardware
https://www.exploit-db.com/exploits/24464

This exploit demonstrates an OS command injection vulnerability in Netgear DGN1000B routers via the TimeToLive parameter in the UPNP configuration. It also includes details on insecure cryptographic storage and XSS vulnerabilities.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Netgear DGN1000B firmware V1.1.00.24 and V1.1.00.45
Auth required
Prerequisites: Network access to the device · Valid credentials for authentication
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
rubypocunix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/netgear_dgn1000b_setup_exec.rb

This Metasploit module exploits an authenticated OS command injection vulnerability in Netgear DGN1000B routers via the setup.cgi component's TimeToLive parameter. It supports both direct command execution and staged payload delivery for MIPS-based systems.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Netgear DGN1000B routers
Auth required
Prerequisites: Network access to the router's web interface · Valid credentials (default: admin/admin or admin/password)
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v3 7.2
EPSS 0.0439
EPSS Percentile 90.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-78
Status published
Products (4)
Netgear/DGN1000B 1.1.00.24
Netgear/DGN1000B 1.1.00.45
netgear/dgn1000b_firmware 1.1.00.24
netgear/dgn1000b_firmware 1.1.00.45
Published Aug 01, 2025
Tracked Since Feb 18, 2026