CVE-2013-10061 HIGH

CVE-2013-10061: Netgear Routers setup.cgi RCE

Vendor Netgear

Product DGN1000B

Weakness CWE-78

Published August 1, 2025

Last update April 7, 2026

View on NVD All CVEs

CVSS base score

8.6/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi endpoint. The vulnerability arises from improper input neutralization, enabling command injection through crafted POST requests. This flaw enables remote attackers to deploy payloads or manipulate system state post-authentication.

Key dates

02Disclosure timeline

August 1, 2025 CVE published

April 7, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2013-10061 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

Identifiers

CVE CVE-2013-10061

CWE CWE-78

CVSS 8.6 / HIGH

Affected versions

Vendor Netgear

Product DGN1000B

Affected 1.1.00.24

Vendor Netgear

Product DGN1000B

Affected 1.1.00.45

CVE-2013-10061: Netgear Routers setup.cgi RCE

01Description

02Disclosure timeline

03References

04Related CVE