What is CVE-2013-10061?

CVE-2013-10061 is a vulnerability in Netgear Dgn1000b, classified under OS Command Injection. Published 2025-08-01.

Is CVE-2013-10061 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Netgear Dgn1000b

CVE-2013-10061

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi endpoint. The vulnerability arises from im…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.821 (99.2th percentile) — read the EPSS interpretation.

Affected products

Netgear Dgn1000b — versions 1.1.00.45, 1.1.00.24

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/l… (exploit)
www.exploit-db.com/exploits/24464 (exploit)
www.exploit-db.com/exploits/24931 (exploit)
web.archive.org/web/20150218074318/http://www.s3cur1ty.de/m1adv2013-005 (technical-description, exploit)
www.vulncheck.com/advisories/netgear-legacy-routers-rce-2 (third-party-advisory)

Frequently asked questions

What is CVE-2013-10061?: CVE-2013-10061 is a vulnerability in Netgear Dgn1000b, classified under OS Command Injection. Published 2025-08-01.
Is CVE-2013-10061 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.