Command Injection Vulnerability in Netgear R8500 Router
CVE-2024-51005

Currently unrated

Key Information:

Vendor: Netgear
Status: R8500 Router
Vendor: CVE Published:; 5 November 2024

Summary

The Netgear R8500 router version 1.0.2.160 is susceptible to a command injection vulnerability found in the share_name parameter of usb_remote_smb_conf.cgi. This flaw allows attackers to send specially crafted requests to the router, potentially enabling them to execute arbitrary operating system commands. The exploitation of this vulnerability poses significant risks to network security, making it imperative for users to update their devices and apply security patches as they become available.

References

https://www.netgear.com/about/security/

https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vul...

Timeline

Vulnerability published
Nov 5, 2024
Vulnerability Reserved
Oct 28, 2024