PT-2025-31695 · NetGear · Netgear Routers

Published: 2012-10-15 · Updated: 2025-09-23 · CVE-2013-10061

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Netgear routers versions 1.1.00.24 through 1.1.00.45

Description

An authenticated OS command injection vulnerability exists due to improper input neutralization. This allows for command injection through crafted POST requests to the /setup.cgi API endpoint via the TimeToLive parameter. Successful exploitation enables remote attackers to deploy payloads or manipulate system state after authentication.

Recommendations

For Netgear routers versions 1.1.00.24 through 1.1.00.45, restrict access to the setup.cgi endpoint or sanitize the TimeToLive parameter to prevent command injection.
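A detection-side check for the recommendation above, added here as an example and not taken from the vendor or from this advisory: it flags POST requests to /setup.cgi whose decoded TimeToLive value is not a plain integer. It assumes request bodies are available from a proxy or IDS in front of the device and that a legitimate TimeToLive is a short decimal number; the function names and sample records are constructed.

```python
import re
from urllib.parse import parse_qs

# Assumption: a legitimate TimeToLive is a 1-3 digit decimal integer.
VALID_TTL = re.compile(r"[0-9]{1,3}")

# Constructed sample records: (source IP, method, path, form-encoded body).
SAMPLE_REQUESTS = [
    ("192.0.2.10", "POST", "/setup.cgi", "TimeToLive=4&other=1"),
    ("192.0.2.77", "POST", "/setup.cgi", "TimeToLive=4%3BPLACEHOLDER&other=1"),
    ("192.0.2.77", "GET", "/setup.cgi", ""),
    ("192.0.2.10", "POST", "/index.htm", "TimeToLive=abc"),
]


def suspicious_ttl_values(method, path, body):
    """Return decoded TimeToLive values that fail the allow-list check.

    Only POST requests to /setup.cgi are inspected, matching the
    endpoint and parameter named in the advisory.
    """
    if method.upper() != "POST":
        return []
    # Ignore any query string when comparing the endpoint path.
    if path.split("?", 1)[0] != "/setup.cgi":
        return []
    # parse_qs percent-decodes values, so encoded metacharacters are
    # seen in the form the device would receive them. Blank values are
    # kept so an empty TimeToLive is reported as well.
    fields = parse_qs(body, keep_blank_values=True)
    # fullmatch rejects anything beyond the digits, including trailing
    # separators, whitespace or newlines.
    return [v for v in fields.get("TimeToLive", []) if not VALID_TTL.fullmatch(v)]


def scan(requests):
    """Return (source, value) pairs for every request that should alert."""
    alerts = []
    for src, method, path, body in requests:
        for value in suspicious_ttl_values(method, path, body):
            alerts.append((src, value))
    return alerts


if __name__ == "__main__":
    for src, value in scan(SAMPLE_REQUESTS):
        print(f"ALERT src={src} TimeToLive={value!r}")
```

The same allow-list (digits only, bounded length) is the shape of server-side validation the "sanitize" recommendation calls for: reject anything that is not a number rather than trying to strip shell metacharacters.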

Exploit

Fix

Weakness Enumeration

OS Command Injection

Related Identifiers

BDU:2025-09548
CVE-2013-10061

Affected Products

Netgear Routers