CVE-2013-10060 Information

Aug 02, 2025 cve

Description

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the pppoe_username parameter. This flaw allows full compromise of the device and may persist across reboots unless configuration is restored.

Reference

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/netgear_dgn2200b_pppoe_exec.rb https://web.archive.org/web/20170422033239/http://www.s3cur1ty.de/m1adv2013-015 https://www.exploit-db.com/exploits/24513 https://www.exploit-db.com/exploits/24974 https://www.vulncheck.com/advisories/netgear-legacy-routers-rce

CNNVD-202508-104 (Published: 2025-08-01)

Share on:

CVE-2013-10060 Information

Description

Reference

Related CNNVD