CVE-2013-10061
published 2025-08-01CVE-2013-10061: An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the…
PriorityP260high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EXPLOIT
EPSS
4.39%
90.1th percentile
An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi endpoint. The vulnerability arises from improper input neutralization, enabling command injection through crafted POST requests. This flaw enables remote attackers to deploy payloads or manipulate system state post-authentication.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netgear | dgn1000b | — | — |
| netgear | dgn1000b | — | — |
| netgear | dgn1000b_firmware | — | — |
| netgear | dgn1000b_firmware | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor POST requests to /setup.cgi containing shell metacharacters or command separators in the TimeToLive parameter (e.g., ;, |, &&, backticks). ↗
- →This is a blind OS command injection — no output is returned. Detect exploitation attempts by monitoring for unexpected outbound ICMP (ping) traffic from the router to external hosts, which may indicate attacker testing. ↗
- →Flag authentication attempts using default credentials admin/admin or admin/password against the router web interface prior to exploitation. ↗
- →Scope detection to Netgear DGN1000B devices running firmware versions 1.1.00.24 and 1.1.00.45. ↗
- ·Exploitation requires prior authentication; attackers must first obtain valid credentials (e.g., via default credentials) before injecting commands. ↗
- ·The injection is blind — no command output is returned to the attacker, making detection via response-based signatures ineffective. Side-channel indicators (e.g., outbound connections, ICMP) must be used. ↗
CVSS provenance
nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv4.08.6HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/netgear_dgn1000b_setup_exec.rbhttps://web.archive.org/web/20150218074318/http://www.s3cur1ty.de/m1adv2013-005https://www.exploit-db.com/exploits/24464https://www.exploit-db.com/exploits/24931https://www.vulncheck.com/advisories/netgear-legacy-routers-rce-2https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/netgear_dgn1000b_setup_exec.rbhttps://web.archive.org/web/20150218074318/http://www.s3cur1ty.de/m1adv2013-005https://www.exploit-db.com/exploits/24464https://www.exploit-db.com/exploits/24931
2025-08-01
Published