VYPR
Unrated severityNVD Advisory· Published Aug 1, 2025· Updated Apr 7, 2026

Netgear Routers pppoe.cgi RCE

CVE-2013-10060

Description

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the pppoe_username parameter. This flaw allows full compromise of the device and may persist across reboots unless configuration is restored.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Netgear/DGN2200v4llm-fuzzy2 versions
    <=1.0.0.36+ 1 more
    • (no CPE)range: <=1.0.0.36
    • (no CPE)range: *

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.