Command Injection Flaw in Netgear R8500 Router
CVE-2024-52021

Currently unrated

Key Information:

Vendor: Netgear
Status: R8500 Router
Vendor: CVE Published:; 5 November 2024

Summary

The Netgear R8500 router version 1.0.2.160 contains a command injection vulnerability in the wan_gateway parameter found at bsw_fix.cgi. This flaw enables attackers to exploit the system through crafted requests, allowing them to execute arbitrary operating system commands remotely. This vulnerability poses significant risks as it could lead to unauthorized access and manipulation of the affected device.

References

https://www.netgear.com/about/security/

https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vul...

Timeline

Vulnerability published
Nov 5, 2024
Vulnerability Reserved
Nov 4, 2024