OS Command Injection Vulnerability in Netgear Routers
CVE-2013-10061
Key Information:
Badges
What is CVE-2013-10061?
A vulnerability has been identified in Netgear routers, particularly affecting the DGN1000B model. This vulnerability allows for authenticated OS command injection through the manipulation of the TimeToLive parameter within the setup.cgi endpoint. Attackers can exploit this weakness by sending specially crafted POST requests, leading to unauthorized command execution that can alter the state of the system after authentication. This flaw highlights the necessity for robust input validation and network security practices.
Affected Version(s)
DGN1000B 1.1.00.24
DGN1000B 1.1.00.45
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved