cnvd - cnvd-2025-18648

cnvd-2025-18648

Vulnerability from cnvd

Title

Netgear DGN1000B代码执行漏洞

Description

Netgear DGN1000B是美国网件（Netgear）公司的一款无线路由器。 Netgear DGN1000B 1.1.00.24版本和1.1.00.45版本存在代码执行漏洞，该漏洞源于setup.cgi端点输入清理不足，攻击者可利用该漏洞可能导致远程代码执行。

Severity

高

Patch Name

Netgear DGN1000B代码执行漏洞的补丁

Patch Description

Netgear DGN1000B是美国网件（Netgear）公司的一款无线路由器。 Netgear DGN1000B 1.1.00.24版本和1.1.00.45版本存在代码执行漏洞，该漏洞源于setup.cgi端点输入清理不足，攻击者可利用该漏洞可能导致远程代码执行。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.netgear.com/support/product/dgn1000/#download

Reference

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/

Impacted products

Name
['NetGear DGN1000B 1.1.00.45', 'NetGear DGN1000B 1.1.00.24']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2013-10061",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2013-10061"
    }
  },
  "description": "Netgear DGN1000B\u662f\u7f8e\u56fd\u7f51\u4ef6\uff08Netgear\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u3002\n\nNetgear DGN1000B 1.1.00.24\u7248\u672c\u548c1.1.00.45\u7248\u672c\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8esetup.cgi\u7aef\u70b9\u8f93\u5165\u6e05\u7406\u4e0d\u8db3\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u80fd\u5bfc\u81f4\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.netgear.com/support/product/dgn1000/#download",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-18648",
  "openTime": "2025-08-14",
  "patchDescription": "Netgear DGN1000B\u662f\u7f8e\u56fd\u7f51\u4ef6\uff08Netgear\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u3002\r\n\r\nNetgear DGN1000B 1.1.00.24\u7248\u672c\u548c1.1.00.45\u7248\u672c\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8esetup.cgi\u7aef\u70b9\u8f93\u5165\u6e05\u7406\u4e0d\u8db3\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u80fd\u5bfc\u81f4\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Netgear DGN1000B\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "NetGear DGN1000B 1.1.00.45",
      "NetGear DGN1000B 1.1.00.24"
    ]
  },
  "referenceLink": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/",
  "serverity": "\u9ad8",
  "submitTime": "2025-08-11",
  "title": "Netgear DGN1000B\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2013-10061 (GCVE-0-2013-10061)

Vulnerability from cvelistv5

Published

2025-08-01 20:45

Modified

2025-08-06 14:16

Severity ?

8.6 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Summary

An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi endpoint. The vulnerability arises from improper input neutralization, enabling command injection through crafted POST requests. This flaw enables remote attackers to deploy payloads or manipulate system state post-authentication.

References

URL

Tags

	https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/netgear_dgn1000b_setup_exec.rb	exploit
	https://www.exploit-db.com/exploits/24464	exploit
	https://www.exploit-db.com/exploits/24931	exploit
	https://web.archive.org/web/20150218074318/http://www.s3cur1ty.de/m1adv2013-005	technical-description, exploit
	https://www.vulncheck.com/advisories/netgear-legacy-routers-rce-2	third-party-advisory