PT-2024-7220 · NetGear · Netgear Xr1000

Published 2024-02-21 · Updated 2024-11-08 · CVE-2024-35517

CVSS v3.1: 8.4 (High)

Vector: AC:L/AV:A/A:H/C:H/I:H/PR:H/S:C/UI:N
Name of the Vulnerable Software and Affected Versions

Netgear XR1000 version 1.0.0.64

Description

The issue is related to a lack of input sanitization in the usb remote smb conf.cgi script of the NETGEAR XR1000 Wi-Fi router's firmware. It can be exploited by a remote attacker to execute arbitrary commands through the share name parameter.

Recommendations

For Netgear XR1000 version 1.0.0.64, update to the latest firmware version to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to the vulnerable usb remote smb conf.cgi script until a patch is available, and avoid using the share name parameter of the affected API endpoint until the issue is resolved.
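The bug class described above, shown as an added example (constructed for this page, not the XR1000 firmware's code): a CGI handler that mounts a remote SMB share takes a host and a share name from the request. The vulnerable variant interpolates the share name into a command line that goes through the shell; the hardened variant applies a strict allowlist and executes mount directly with an argv array. The mount path, the character allowlist and the 64-character bound are assumptions.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allowlist check for a host or share name taken from the request: 1..64 ASCII
 * letters, digits, '-', '_' or '.', no leading '.' (limits are assumptions).
 * Shell metacharacters, whitespace and control bytes never pass. */
bool is_safe_token(const char *s)
{
    if (s == NULL) return false;
    size_t len = strlen(s);
    if (len == 0 || len > 64 || s[0] == '.') return false;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!(isalnum(c) || c == '-' || c == '_' || c == '.')) return false;
    }
    return true;
}

/* Vulnerable pattern (constructed illustration, not the router's code): the
 * parameter is pasted into a command line that system() hands to /bin/sh. */
int mount_share_vulnerable(const char *host, const char *share_name)
{
    char cmd[512];
    snprintf(cmd, sizeof cmd, "mount -t cifs //%s/%s /tmp/mnt", host, share_name);
    return system(cmd);
}

/* Hardened form: reject anything outside the allowlist, then execv the mount
 * binary with an argv array, so no shell parses the value and the share name
 * can only ever be a single argument. Returns -1 on rejection or failure. */
int mount_share_hardened(const char *host, const char *share_name)
{
    if (!is_safe_token(host) || !is_safe_token(share_name)) return -1;
    char source[256];
    if (snprintf(source, sizeof source, "//%s/%s", host, share_name) >= (int)sizeof source) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {  /* child: exec directly, no shell */
        char *const argv[] = { "mount", "-t", "cifs", source, "/tmp/mnt", NULL };
        execv("/bin/mount", argv);
        _exit(127);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

The same allowlist can be applied at the CGI boundary before any parameter reaches a command builder, which is the check the firmware was missing.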

Exploit

Fix

Weakness Enumeration

Command Injection

Related Identifiers

BDU:2024-08559
CVE-2024-35517

Affected Products

Netgear Xr1000