CVE-2013-10060

HIGH

CVSS v3

7.2

HIGH

EPSS Score

61.0%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the pppoe_username parameter. This flaw allows full compromise of the device and may persist across reboots unless configuration is restored.

Technical Details

Published
8/1/2025

Frequently Asked Questions

What is CVE-2013-10060?

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the pppoe_username parameter. This flaw allows full compromise of the device and may persist across reboots unless configuration is restored.

Is CVE-2013-10060 actively exploited?

Active exploitation of CVE-2013-10060 has not been confirmed. The EPSS score is 61.0%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2013-10060?

CVE-2013-10060 has a CVSS v3 base score of 7.2 (HIGH severity).

Is CVE-2013-10060 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.