Command Injection Vulnerability in Netgear Routers
CVE-2024-51021

Currently unrated

Key Information:

Vendor: Netgear
Status: Netgear XR300, R7000P, R6400
Vendor: CVE Published:; 5 November 2024

Summary

A command injection vulnerability has been identified in specific Netgear router models, allowing unauthorized users to execute arbitrary operating system commands. This flaw is found in the wan_gateway parameter at genie_fix2.cgi and can be exploited through crafted requests. Affected users should review their system configurations and implement recommended security measures to safeguard their devices against potential attacks.

References

https://www.netgear.com/about/security/

https://github.com/wudipjq/my_vuln/blob/main/Netgear5/vul...

Timeline

Vulnerability published
Nov 5, 2024
Vulnerability Reserved
Oct 28, 2024