We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the pppoe_username parameter. This flaw allows full compromise of the device and may persist across reboots unless configuration is restored.
Reserved 2025-08-01 | Published 2025-08-01 | Updated 2025-08-01 | Assigner VulnCheckCWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Michael Messner
raw.githubusercontent.com/.../netgear_dgn2200b_pppoe_exec.rb
www.exploit-db.com/exploits/24513
www.exploit-db.com/exploits/24974
web.archive.org/...3239/http://www.s3cur1ty.de/m1adv2013-015
www.vulncheck.com/advisories/netgear-legacy-routers-rce
Support options