Command Injection Vulnerability in Netgear XR300 Router
CVE-2024-51008

Currently unrated

Key Information:

Vendor: Netgear
Status: XR300 Router
Vendor: CVE Published:; 5 November 2024

Summary

A command injection vulnerability has been identified in the Netgear XR300 Router v1.0.3.78 affecting the system_name parameter at wiz_dyn.cgi. This security flaw enables attackers to execute arbitrary operating system commands by sending specially crafted requests, potentially compromising the device's integrity and the network's security.

References

https://www.netgear.com/about/security/

https://github.com/wudipjq/my_vuln/blob/main/Netgear5/vul...

Timeline

Vulnerability published
Nov 5, 2024
Vulnerability Reserved
Oct 28, 2024