What is CVE-2013-10060?

CVE-2013-10060 is a vulnerability in Netgear Dgn2200b, classified under OS Command Injection. Published 2025-08-01.

Is CVE-2013-10060 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Netgear Dgn2200b

CVE-2013-10060

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary co…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.787 (99.1th percentile) — read the EPSS interpretation.

Affected products

Netgear Dgn2200b — versions 0

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/l… (exploit)
www.exploit-db.com/exploits/24513 (exploit)
www.exploit-db.com/exploits/24974 (exploit)
web.archive.org/web/20170422033239/http://www.s3cur1ty.de/m1adv2013-015 (technical-description, exploit)
www.vulncheck.com/advisories/netgear-legacy-routers-rce (third-party-advisory)

Frequently asked questions

What is CVE-2013-10060?: CVE-2013-10060 is a vulnerability in Netgear Dgn2200b, classified under OS Command Injection. Published 2025-08-01.
Is CVE-2013-10060 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.