CVE-2013-10060 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.…
Critical CVSS: 9.4

CVE-2013-10060

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the pppoe_username parameter. This flaw allows full compromise of the device and may persist across reboots unless configuration is restored.
Vendor
Netgear
Product
Dgn2200b Firmware
CWE
CWE-78
Yayın Tarihi
2025-08-01 21:15:28
Güncelleme
2025-09-23 17:07:29
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-78 Dgn2200b Firmware CRITICAL Netgear 2025

Referanslar

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/netgear_dgn2200b_pppoe_exec.rb https://web.archive.org/web/20170422033239/http://www.s3cur1ty.de/m1adv2013-015 https://www.exploit-db.com/exploits/24513 https://www.exploit-db.com/exploits/24974 https://www.vulncheck.com/advisories/netgear-legacy-routers-rce https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/netgear_dgn2200b_pppoe_exec.rb https://web.archive.org/web/20170422033239/http://www.s3cur1ty.de/m1adv2013-015 https://www.exploit-db.com/exploits/24513 https://www.exploit-db.com/exploits/24974