CVE-2013-10061

7.2 HIGH

📋 TL;DR

This CVE describes an authenticated OS command injection vulnerability in Netgear DGN1000B routers: an attacker holding valid credentials can execute arbitrary commands on the device, deploy payloads, or manipulate system state. It affects users of this Netgear router model running the vulnerable firmware versions.

💻 Affected Systems

Products:
  • Netgear DGN1000B
Versions: Firmware versions 1.1.00.24 and 1.1.00.45
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authentication to exploit. Other Netgear models may be affected but only DGN1000B was confirmed in references.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the router allowing attackers to install persistent backdoors, intercept all network traffic, pivot to internal networks, or brick the device.

🟠 Likely Case

Attackers with valid credentials can execute arbitrary commands to modify router configuration, steal credentials, or deploy malware on connected devices.

🟢 If Mitigated

With proper network segmentation and strong authentication controls, impact is limited to the router itself without lateral movement.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Metasploit module available. Requires valid credentials. Exploitation involves sending crafted POST requests to setup.cgi with a malicious TimeToLive parameter.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official vendor advisory found in references

Restart Required: No

Instructions:

No official patch available. Consider replacing affected hardware with supported models.

🔧 Temporary Workarounds

Network Segmentation (platform: all)

Isolate affected routers from critical network segments.

Access Control (platform: linux)

Restrict access to the router administration interface to trusted hosts. Rule order matters: the ACCEPT for the trusted address must be inserted before the catch-all DROP.

# allow the admin web interface only from the trusted address, drop everyone else
iptables -A INPUT -p tcp --dport 80 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP

🧯 If You Can't Patch

  • Replace affected routers with supported models that receive security updates
  • Implement strict network monitoring for suspicious POST requests to setup.cgi endpoint

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via web interface at http://router_ip/ or via command: curl -s http://router_ip/ | grep -i firmware

Check Version:

curl -s http://router_ip/ | grep -o 'Firmware Version:[^<]*'

Verify Fix Applied:

Verify firmware version is not 1.1.00.24 or 1.1.00.45

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /setup.cgi
  • Commands with shell metacharacters in TimeToLive parameter
  • Multiple failed authentication attempts followed by successful login

Network Indicators:

  • POST requests to /setup.cgi containing shell metacharacters like ;, |, &, or $( ) in parameters
  • Unusual outbound connections from router to external IPs

SIEM Query:

source="router_logs" AND (uri_path="/setup.cgi" AND (param="TimeToLive" AND value MATCHES "[;&|`$()]"))
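The indicator lists and the SIEM query above match on raw metacharacters, but form-encoded bodies carry them as %3B, %24 and so on. The following added detector (example code, not from the original page or any Netgear tooling) parses captured HTTP requests, URL-decodes the parameters, and flags POST or GET requests to /setup.cgi whose TimeToLive value contains any of the listed characters; the sample requests are constructed, not real captures.

```python
import re
from typing import List, Optional
from urllib.parse import parse_qs, urlsplit

# Characters the advisory lists as injection indicators in the TimeToLive parameter.
SHELL_META = re.compile(r"[;&|`$()]")

def inspect_request(raw: str) -> Optional[dict]:
    """Parse one raw HTTP request (request line, headers, blank line, body).
    Returns a finding if the request targets /setup.cgi with a TimeToLive
    value containing shell metacharacters, else None. Values are URL-decoded
    first, so an encoded %3B is treated the same as a literal ';'."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line = head.split("\r\n", 1)[0]
    try:
        method, target, _version = request_line.split(" ", 2)
    except ValueError:
        return None  # malformed request line; not a setup.cgi request
    parts = urlsplit(target)
    if parts.path != "/setup.cgi":
        return None
    # Parameters may arrive in the query string or in the POST body.
    params = parse_qs(parts.query, keep_blank_values=True)
    if method == "POST":
        for key, values in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    hits = [v for v in params.get("TimeToLive", []) if SHELL_META.search(v)]
    if not hits:
        return None
    return {"method": method, "path": parts.path, "TimeToLive": hits}

def scan(requests: List[str]) -> List[dict]:
    """Run inspect_request over a batch and keep only the findings."""
    return [f for f in (inspect_request(r) for r in requests) if f]

# Constructed sample traffic: a legitimate settings change, one request with a
# URL-encoded semicolon in TimeToLive, and one to an unrelated path.
SAMPLE_REQUESTS = [
    "POST /setup.cgi HTTP/1.1\r\nHost: 192.168.0.1\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\nTimeToLive=64&todo=save",
    "POST /setup.cgi HTTP/1.1\r\nHost: 192.168.0.1\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\nTimeToLive=64%3Becho+probe&todo=save",
    "GET /status.html?TimeToLive=64;x HTTP/1.1\r\nHost: 192.168.0.1\r\n\r\n",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS):
        print("ALERT", finding)
```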
