CVE-2013-10060

CWE-78 — OS Command Injection3 documents3 sources

Severity

9.4CRITICAL

EPSS

61.0%

top 1.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Dgn2200b Netgear Dgn2200b Firmware

Timeline

PublishedAug 1

Description

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the pppoe_username parameter. This flaw allows full compromise of the device and may persist across reboots unless configuration is restored.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Packages2 packages

▶NVDnetgear/dgn2200b_firmware1.1.0.36

▶CVEListV5netgear/dgn2200b* — 1.0.0.36

🔴Vulnerability Details

GHSA

GHSA-5fhc-hfwc-c254: An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1↗2025-08-01

▶

CVEList

Netgear Routers pppoe.cgi RCE↗2025-08-01

▶