← Zuruck zu CVEs
CVE-2024-12847
CRITICAL9.8
Beschreibung
NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been observed to be exploited in the wild since at least 2017 and specifically by the Shadowserver Foundation on 2025-02-06 UTC.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht1/10/2025
Zuletzt geandert12/19/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
netgear:dgn1000netgear:dgn1000_firmware
Schwachen (CWE)
CWE-78CWE-306CWE-306
Referenzen
https://seclists.org/bugtraq/2013/Jun/8(disclosure@vulncheck.com)
https://vulncheck.com/advisories/netgear-dgn(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/25978(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/43055(disclosure@vulncheck.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.