Command Injection Vulnerability in Netgear R8500 Router
CVE-2024-50993

Currently unrated

Key Information:

Vendor: Netgear
Status: R8500 Router
Vendor: CVE Published:; 5 November 2024

Summary

The Netgear R8500 router, specifically version v1.0.2.160, has been identified to have a command injection vulnerability in the sysNewPasswd parameter at admin_account.cgi. This vulnerability enables attackers to exploit the router by sending specially crafted requests, potentially allowing them to execute arbitrary operating system commands. Proper safeguards and timely updates are crucial to mitigate the risks associated with this vulnerability.

References

https://www.netgear.com/about/security/

https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vul...

Timeline

Vulnerability published
Nov 5, 2024
Vulnerability Reserved
Oct 28, 2024