Authenticated Command Injection Vulnerability in Netgear AC750 WiFi Range Extender
CVE-2024-35522

7.2HIGH

Key Information:

Vendor: Netgear
Status: Ex3700 Firmware
Vendor: CVE Published:; 11 October 2024

Summary

The Netgear EX3700 AC750 WiFi Range Extender Essentials Edition is susceptible to an authenticated command injection due to improper validation of the ap_mode parameter in the operating_mode.cgi interface. This vulnerability occurs when the ap_24g_manual parameter is set to 1 and ap_24g_manual_sec is NotNone. Exploitation of this vulnerability could allow an attacker with valid credentials to execute arbitrary commands on the device, potentially leading to unauthorized access and manipulation of the system.

References

https://github.com/consrc/cves/blob/main/CVE-2024-35522.md

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 11, 2024
Vulnerability Reserved
May 17, 2024