Command Injection Vulnerability in Netgear R8500 Router
CVE-2024-52020

Currently unrated

Key Information:

Vendor: Netgear
Status: R8500 Router
Vendor: CVE Published:; 5 November 2024

Summary

The Netgear R8500 router is susceptible to a command injection vulnerability in the wan_gateway parameter of the wiz_fix2.cgi script. This flaw enables attackers to send specially crafted requests that can execute arbitrary operating system commands. If exploited, this vulnerability poses a significant security risk, potentially allowing unauthorized access to network resources or sensitive data.

References

https://www.netgear.com/about/security/

https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vul...

Timeline

Vulnerability published
Nov 5, 2024
Vulnerability Reserved
Nov 4, 2024