CVE-2013-10061
8.6
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow more
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: disclosure@vulncheck.com (Secondary)
Description
An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi endpoint. The vulnerability arises from improper input neutralization, enabling command injection through crafted POST requests. This flaw enables remote attackers to deploy payloads or manipulate system state post-authentication.
Affected (2)
Products: Netgear: Dgn1000b Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.1.00.24 |
| Running on/with | Platform Versions |
|---|---|
Netgear Dgn1000b | All versions |
References (9)
Source: disclosure@vulncheck.com
Exploit
Source: disclosure@vulncheck.com
ExploitThird Party Advisory
Source: disclosure@vulncheck.com
Third Party Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
ExploitThird Party Advisory
Timeline
No history available yet.