Details of VAR-202508-0094

ID

VAR-202508-0094

CVE

CVE-2013-10061

TITLE

of netgear DGN1000B in the firmware OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2025-015017

DESCRIPTION

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi endpoint. The vulnerability arises from improper input neutralization, enabling command injection through crafted POST requests. This flaw enables remote attackers to deploy payloads or manipulate system state post-authentication. (DoS) It may be in a state. The Netgear DGN1000B is a wireless router from Netgear. Netgear DGN1000B versions 1.1.00.24 and 1.1.00.45 contain a code execution vulnerability due to insufficient input sanitization in the setup.cgi endpoint. An attacker could exploit this vulnerability to cause remote code execution

Trust: 2.16

sources: NVD: CVE-2013-10061 // JVNDB: JVNDB-2025-015017 // CNVD: CNVD-2025-18648

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-18648

AFFECTED PRODUCTS

vendor:	netgear	model:	dgn1000b	scope:	eq	version:	1.1.00.45	Trust: 1.6
vendor:	netgear	model:	dgn1000b	scope:	eq	version:	1.1.00.24	Trust: 1.6
vendor:	ネットギア	model:	dgn1000b	scope:	eq	version:	dgn1000b firmware 1.1.00.45	Trust: 0.8
vendor:	ネットギア	model:	dgn1000b	scope:	eq	version:	-	Trust: 0.8
vendor:	ネットギア	model:	dgn1000b	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	dgn1000b	scope:	eq	version:	dgn1000b firmware 1.1.00.24	Trust: 0.8

sources: CNVD: CNVD-2025-18648 // JVNDB: JVNDB-2025-015017 // NVD: CVE-2013-10061

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-10061
value:	HIGH
Trust: 1.0
disclosure@vulncheck.com:	CVE-2013-10061
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-10061
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-18648
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-18648
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2013-10061
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2013-10061
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-18648 // JVNDB: JVNDB-2025-015017 // NVD: CVE-2013-10061 // NVD: CVE-2013-10061

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	OS Command injection (CWE-78) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-015017 // NVD: CVE-2013-10061

PATCH

title:

Patch for Netgear DGN1000B Code Execution Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/718841

Trust: 0.6

sources: CNVD: CNVD-2025-18648

EXTERNAL IDS

db:	NVD	id:	CVE-2013-10061	Trust: 3.2
db:	EXPLOIT-DB	id:	24464	Trust: 1.8
db:	EXPLOIT-DB	id:	24931	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-015017	Trust: 0.8
db:	CNVD	id:	CNVD-2025-18648	Trust: 0.6

sources: CNVD: CNVD-2025-18648 // JVNDB: JVNDB-2025-015017 // NVD: CVE-2013-10061

REFERENCES

url:	https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/netgear_dgn1000b_setup_exec.rb	Trust: 1.8
url:	https://web.archive.org/web/20150218074318/http://www.s3cur1ty.de/m1adv2013-005	Trust: 1.8
url:	https://www.exploit-db.com/exploits/24464	Trust: 1.8
url:	https://www.exploit-db.com/exploits/24931	Trust: 1.8
url:	https://www.vulncheck.com/advisories/netgear-legacy-routers-rce-2	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2013-10061	Trust: 0.8
url:	https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/	Trust: 0.6

sources: CNVD: CNVD-2025-18648 // JVNDB: JVNDB-2025-015017 // NVD: CVE-2013-10061

SOURCES

db:	CNVD	id:	CNVD-2025-18648
db:	JVNDB	id:	JVNDB-2025-015017
db:	NVD	id:	CVE-2013-10061

LAST UPDATE DATE

2025-10-05T23:34:08.766000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-18648	date:	2025-08-15T00:00:00
db:	JVNDB	id:	JVNDB-2025-015017	date:	2025-10-03T08:56:00
db:	NVD	id:	CVE-2013-10061	date:	2025-09-23T23:30:15.463

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-18648	date:	2025-08-14T00:00:00
db:	JVNDB	id:	JVNDB-2025-015017	date:	2025-10-03T00:00:00
db:	NVD	id:	CVE-2013-10061	date:	2025-08-01T21:15:28.350