CVE-2013-10061

HIGH

Netgear routers <1.1.00.45 - Command Injection

Title source: llm

Description

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi endpoint. The vulnerability arises from improper input neutralization, enabling command injection through crafted POST requests. This flaw enables remote attackers to deploy payloads or manipulate system state post-authentication.

Exploits (3)

metasploit WORKING POC EXCELLENT

rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/netgear_dgn1000b_setup_exec.rb

View Code ZIP pw:eip

exploitdb WORKING POC

by m-1-k-3 · textwebappshardware

https://www.exploit-db.com/exploits/24464

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotehardware

https://www.exploit-db.com/exploits/24931

View Code ZIP pw:eip

References (5)

[Exploit] https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/netgear_dgn1000b_setup_exec.rb

[Exploit, Third Party Advisory] https://web.archive.org/web/20150218074318/http://www.s3cur1ty.de/m1adv2013-005

[Exploit] https://www.exploit-db.com/exploits/24464

[Exploit] https://www.exploit-db.com/exploits/24931

[Third Party Advisory] https://www.vulncheck.com/advisories/netgear-legacy-routers-rce-2

Scores

CVSS v3 7.2

EPSS 0.7314

EPSS Percentile 98.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-78

Status published

Affected Products (2)

netgear/dgn1000b_firmware

netgear/dgn1000b_firmware

Timeline

Published Aug 01, 2025

Tracked Since Feb 18, 2026