CVE-2013-10060
published 2025-08-01CVE-2013-10060: An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the…
PriorityP261high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EXPLOIT
EPSS
4.55%
90.4th percentile
An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the pppoe_username parameter. This flaw allows full compromise of the device and may persist across reboots unless configuration is restored.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netgear | dgn2200b | <= 1.0.0.36 | — |
| netgear | dgn2200b_firmware | <= 1.1.0.36 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP requests targeting the /pppoe.cgi endpoint on Netgear DGN2200B devices, particularly POST requests containing shell metacharacters or command sequences in the pppoe_username parameter. ↗
- →Since the vulnerability is a blind OS command injection, look for out-of-band indicators such as unexpected ICMP ping traffic originating from the router to external/attacker-controlled hosts as a sign of exploitation testing. ↗
- →Alert on successful authentication to the Netgear DGN2200B web interface using default credentials (admin/admin or admin/password) followed by requests to pppoe.cgi. ↗
- →Flag firmware versions 1.0.0.36 and prior on Netgear DGN2200B devices as vulnerable; inventory and prioritize these for patching or network isolation. ↗
- ·Exploitation overwrites parts of the PPPoE configuration on the device; defenders should verify PPPoE settings integrity after any suspected exploitation event. ↗
- ·The vulnerability may persist across reboots if the malicious configuration is not explicitly restored, meaning a reboot alone is insufficient for remediation. ↗
- ·No command output is returned to the attacker due to the blind nature of the injection; detection cannot rely on response-body anomalies and must focus on out-of-band signals or configuration changes. ↗
CVSS provenance
nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv4.09.4CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/netgear_dgn2200b_pppoe_exec.rbhttps://web.archive.org/web/20170422033239/http://www.s3cur1ty.de/m1adv2013-015https://www.exploit-db.com/exploits/24513https://www.exploit-db.com/exploits/24974https://www.vulncheck.com/advisories/netgear-legacy-routers-rcehttps://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/netgear_dgn2200b_pppoe_exec.rbhttps://web.archive.org/web/20170422033239/http://www.s3cur1ty.de/m1adv2013-015https://www.exploit-db.com/exploits/24513https://www.exploit-db.com/exploits/24974
2025-08-01
Published