🔐 CVE Alert

CVE-2013-10060

UNKNOWN 0.0

Netgear Routers pppoe.cgi RCE

CVSS Score 0.0
EPSS Score 0.0%
EPSS Percentile 0th

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the pppoe_username parameter. This flaw allows full compromise of the device and may persist across reboots unless configuration is restored.

CWE CWE-78
Vendor netgear
Product dgn2200b
Published Aug 1, 2025
Last Updated Apr 7, 2026

Affected Versions

Netgear / DGN2200B
* ≤ 1.0.0.36

References

* raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/netgear_dgn2200b_pppoe_exec.rb
* exploit-db.com: https://www.exploit-db.com/exploits/24513
* exploit-db.com: https://www.exploit-db.com/exploits/24974
* web.archive.org: https://web.archive.org/web/20170422033239/http://www.s3cur1ty.de/m1adv2013-015
* vulncheck.com: https://www.vulncheck.com/advisories/netgear-legacy-routers-rce

Credits

Michael Messner