Authentication Bypass Vulnerability in Netgear DGN2200 Router
CVE-2024-57046

8.8HIGH

Key Information:

Vendor: Netgear
Status: DGN2200 Router
Vendor: CVE Published:; 18 February 2025

Summary

An authentication bypass vulnerability in the Netgear DGN2200 router allows unauthorized users to gain access to the device's settings. This flaw is triggered by appending '?x=1.gif' to the URL in a web request, bypassing normal authentication checks. As a result, malicious actors could exploit this vulnerability to manage the router's configurations, compromising network security. Users are strongly encouraged to upgrade to the latest firmware to mitigate this risk.

References

https://www.netgear.com/about/security/

https://github.com/Shuanunio/CVE_Requests/blob/main/Netge...

EPSS Score

48% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 18, 2025
Vulnerability Reserved
Jan 9, 2025