Vulnerability Description
An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi endpoint. The vulnerability arises from improper input neutralization, enabling command injection through crafted POST requests. This flaw enables remote attackers to deploy payloads or manipulate system state post-authentication.
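A detection check for the request pattern described above, as an added example that is not part of the original advisory or any vendor code. It assumes a legitimate TimeToLive value is a short decimal integer, and the sample requests (including the `other` field and the 192.0.2.1 address) are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: a legitimate TimeToLive value is a 1-3 digit integer.
NUMERIC = re.compile(r"\d{1,3}")

def suspicious_ttl(method, url, body):
    """Return decoded TimeToLive values that are not plain integers.

    Only POST requests to setup.cgi are inspected, matching the advisory.
    parse_qs percent-decodes the body, so encoded metacharacters are seen
    in their decoded form, and repeated parameters are all checked.
    """
    if method.upper() != "POST":
        return []
    if not urlsplit(url).path.lower().endswith("/setup.cgi"):
        return []
    params = parse_qs(body, keep_blank_values=True)
    return [v for v in params.get("TimeToLive", []) if not NUMERIC.fullmatch(v)]

def scan(requests):
    """Return (index, offending values) for each request worth an alert."""
    hits = []
    for i, (method, url, body) in enumerate(requests):
        bad = suspicious_ttl(method, url, body)
        if bad:
            hits.append((i, bad))
    return hits

# Constructed sample requests (method, URL, form-encoded body).
SAMPLE = [
    ("POST", "http://192.0.2.1/setup.cgi", "TimeToLive=4&other=1"),
    ("POST", "http://192.0.2.1/setup.cgi", "TimeToLive=4%3Bid&other=1"),
    ("POST", "http://192.0.2.1/setup.cgi", "TimeToLive=4&TimeToLive=4%60x%60"),
    ("POST", "http://192.0.2.1/index.htm", "TimeToLive=x"),
]

if __name__ == "__main__":
    for index, values in scan(SAMPLE):
        print(f"request {index}: non-numeric TimeToLive {values!r}")
```

Because the flaw is post-authentication, a hit from this check is also a reason to review which account or session issued the request.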
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgear | DGN1000B Firmware | 1.1.00.24 |
| Netgear | DGN1000B | - |
References
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exp (Exploit)
- https://web.archive.org/web/20150218074318/http://www.s3cur1ty.de/m1adv2013-005 (Exploit, Third Party Advisory)
- https://www.exploit-db.com/exploits/24464 (Exploit)
- https://www.exploit-db.com/exploits/24931 (Exploit)
- https://www.vulncheck.com/advisories/netgear-legacy-routers-rce-2 (Third Party Advisory)
FAQ
What is CVE-2013-10061?
CVE-2013-10061 is a vulnerability with a CVSS score of 7.2 (HIGH). An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi end...
How severe is CVE-2013-10061?
CVE-2013-10061 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-10061?
Check the references section above for vendor advisories and patch information. Affected products include: Netgear DGN1000B Firmware, Netgear DGN1000B.