Netgear DGN2200B Router RCE via pppoe.cgi command injection (<=1.0.0.36)
CVE-2013-10060 Published on August 1, 2025
Netgear Routers pppoe.cgi RCE
An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the pppoe_username parameter. This flaw allows full compromise of the device and may persist across reboots unless configuration is restored.
Weakness Type
What is a Shell injection Vulnerability?
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CVE-2013-10060 has been classified to as a Shell injection vulnerability or weakness.
Products Associated with CVE-2013-10060
Want to know whenever a new CVE is published for Netgear Dgn2200b Firmware? stack.watch will email you.
Affected Versions
Netgear DGN2200B:- Version *, <= 1.0.0.36 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.