QwikSec

Security Database

CVE

CWE

Training

CVE-2013-10061

Published: Aug 1, 2025

Modified: Apr 7, 2026

PUBLISHED

Description

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi endpoint. The vulnerability arises from improper input neutralization, enabling command injection through crafted POST requests. This flaw enables remote attackers to deploy payloads or manipulate system state post-authentication.

Vendor	Product	Versions
Netgear	DGN1000B	affected `1.1.00.24` affected `1.1.00.45`

Weaknesses (CWE)

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/netgear_dgn1000b_setup_exec.rb

exploit

https://www.exploit-db.com/exploits/24464

exploit

https://www.exploit-db.com/exploits/24931

exploit

https://web.archive.org/web/20150218074318/http://www.s3cur1ty.de/m1adv2013-005

technical-description

exploit

https://www.vulncheck.com/advisories/netgear-legacy-routers-rce-2

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.