Details of VAR-202508-0094

ID

VAR-202508-0094

CVE

CVE-2013-10061

TITLE

Netgear DGN1000B Code Execution Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-18648

DESCRIPTION

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi endpoint. The vulnerability arises from improper input neutralization, enabling command injection through crafted POST requests. This flaw enables remote attackers to deploy payloads or manipulate system state post-authentication. The Netgear DGN1000B is a wireless router from Netgear. Netgear DGN1000B versions 1.1.00.24 and 1.1.00.45 contain a code execution vulnerability due to insufficient input sanitization in the setup.cgi endpoint. An attacker could exploit this vulnerability to cause remote code execution

Trust: 1.44

sources: NVD: CVE-2013-10061 // CNVD: CNVD-2025-18648

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-18648

AFFECTED PRODUCTS

vendor:	netgear	model:	dgn1000b	scope:	eq	version:	1.1.00.45	Trust: 0.6
vendor:	netgear	model:	dgn1000b	scope:	eq	version:	1.1.00.24	Trust: 0.6

sources: CNVD: CNVD-2025-18648

CVSS

SEVERITY

CVSSV2

CVSSV3

disclosure@vulncheck.com:	CVE-2013-10061
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2025-18648
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-18648
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2025-18648 // NVD: CVE-2013-10061

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.0

sources: NVD: CVE-2013-10061

PATCH

title:

Patch for Netgear DGN1000B Code Execution Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/718841

Trust: 0.6

sources: CNVD: CNVD-2025-18648

EXTERNAL IDS

db:	NVD	id:	CVE-2013-10061	Trust: 1.6
db:	EXPLOIT-DB	id:	24931	Trust: 1.0
db:	EXPLOIT-DB	id:	24464	Trust: 1.0
db:	CNVD	id:	CNVD-2025-18648	Trust: 0.6

sources: CNVD: CNVD-2025-18648 // NVD: CVE-2013-10061

REFERENCES

url:	https://www.exploit-db.com/exploits/24931	Trust: 1.0
url:	https://www.vulncheck.com/advisories/netgear-legacy-routers-rce-2	Trust: 1.0
url:	https://www.exploit-db.com/exploits/24464	Trust: 1.0
url:	https://web.archive.org/web/20150218074318/http://www.s3cur1ty.de/m1adv2013-005	Trust: 1.0
url:	https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/netgear_dgn1000b_setup_exec.rb	Trust: 1.0
url:	https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/	Trust: 0.6

sources: CNVD: CNVD-2025-18648 // NVD: CVE-2013-10061

SOURCES

db:	CNVD	id:	CNVD-2025-18648
db:	NVD	id:	CVE-2013-10061

LAST UPDATE DATE

2025-08-17T23:45:43.841000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-18648	date:	2025-08-15T00:00:00
db:	NVD	id:	CVE-2013-10061	date:	2025-08-06T15:15:30.880

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-18648	date:	2025-08-14T00:00:00
db:	NVD	id:	CVE-2013-10061	date:	2025-08-01T21:15:28.350