PT-2024-7141 · NetGear · Netgear Ex6120

Published 2024-02-21 · Updated 2024-10-16 · CVE-2024-35518

CVSS v3.1

8.4 High

Vector

AC:L/AV:A/A:H/C:H/I:H/PR:H/S:C/UI:N

Name of the Vulnerable Software and Affected Versions

Netgear EX6120 version 1.0.0.68

Description

The issue is related to a Command Injection vulnerability in the genie_fix2.cgi script via the wan_dns1_pri parameter. This vulnerability may allow a remote attacker to execute arbitrary commands. The vulnerability is associated with the lack of data sanitization on the management level.

Recommendations

For Netgear EX6120 version 1.0.0.68, as a temporary workaround, consider disabling the genie_fix2.cgi script until a patch is available. Restrict access to the wan_dns1_pri parameter in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-08472
CVE-2024-35518

Affected Products

Netgear Ex6120