Detections
Analytics

CVE-2024-12847

critical

Description

NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been exploited in the wild since at least 2017.

References

https://isc.sans.edu/diary/rss/31638

https://isc.sans.edu/diary/rss/31592

https://www.exploit-db.com/exploits/43055

https://www.exploit-db.com/exploits/25978

https://vulncheck.com/advisories/netgear-dgn

https://seclists.org/bugtraq/2013/Jun/8

Details

Source: Mitre, NVD

Published: 2025-01-10

Updated: 2025-01-10

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical