Command Injection Vulnerability in NETGEAR RAX5 WiFi Router
CVE-2024-57233

9.8CRITICAL

Key Information:

Vendor: NETGEAR
Status: RAX5 WiFi Router
Vendor: CVE Published:; 5 May 2025

What is CVE-2024-57233?

The NETGEAR RAX5 WiFi Router version v1.0.2.26 is susceptible to a command injection vulnerability, which arises from improper validation of user inputs in the vif_disable function through the iface parameter. This weakness allows attackers to execute arbitrary commands on the device, potentially compromising the security and integrity of the network. Users are advised to evaluate their configurations and apply necessary mitigations to protect their systems.

References

https://github.com/yanggao017/vuln/blob/main/NETGEAR/RAX5...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 5, 2025
Vulnerability Reserved
Jan 9, 2025