CVE-2013-10060

Critical CVSS 9.4

Overview

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the pppoe_username parameter. This flaw allows full compromise of the device and may persist across reboots unless configuration is restored.

CWE: CWE-78 Published: 2025-08-01T21:15:28.163

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

CVSS: 9.4 (CRITICAL)
Detected tags: command_injection (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags