PT-2024-7144 · NetGear · Netgear Ex6120+2
Published 2024-02-21 · Updated 2024-10-16 · CVE-2024-35519
CVSS v3.1: 8.4 (High)
Vector: AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Netgear EX6120 version 1.0.0.68
Netgear EX6100 version 1.0.2.28
Netgear EX3700 version 1.0.0.96
Description
The issue is a command injection flaw in the operating_mode.cgi script of Netgear EX Series Wi-Fi Extenders. It stems from a lack of data sanitization at the management level and allows a remote attacker to execute arbitrary commands via the ap_mode parameter.
Recommendations
For Netgear EX6120 version 1.0.0.68, consider disabling access to the operating_mode.cgi script until a patch is available.
For Netgear EX6100 version 1.0.2.28, restrict the use of the ap_mode parameter in the operating_mode.cgi script to minimize the risk of exploitation.
For Netgear EX3700 version 1.0.0.96, avoid using the ap_mode parameter in the operating_mode.cgi script until the issue is resolved.
OS Command Injection
Command Injection
Affected Products
Netgear Ex3700
Netgear Ex6100
Netgear Ex6120