CVE-2013-10061
An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi endpoint. The vulnerability arises from improper input neutralization, enabling command injection through crafted POST requests. This flaw enables remote attackers to deploy payloads or manipulate system state post-authentication.
Vendor
Product
CWE
Published
2025-08-01 21:15:28
Updated
2025-09-23 23:30:15
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-
Categories
References
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/netgear_dgn1000b_setup_exec.rb
https://web.archive.org/web/20150218074318/http://www.s3cur1ty.de/m1adv2013-005
https://www.exploit-db.com/exploits/24464
https://www.exploit-db.com/exploits/24931
https://www.vulncheck.com/advisories/netgear-legacy-routers-rce-2