ГлавнаяУязвимости → CVE-2024-12847
9.8критическая

CVE-2024-12847

Описание

NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been observed to be exploited in the wild since at least 2017 and specifically by the Shadowserver Foundation on 2025-02-06 UTC.

Затрагиваемое ПО
Netgear Dgn1000 firmwareNetgear Dgn1000
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://seclists.org/bugtraq/2013/Jun/8https://vulncheck.com/advisories/netgear-dgnhttps://www.exploit-db.com/exploits/25978https://www.exploit-db.com/exploits/43055