PT-2024-7222 · NetGear · Netgear Ex3700

Published: 2024-02-21 · Updated: 2024-11-09 · CVE-2024-35522

CVSS v3.1: 8.4 (High)
Vector: AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Netgear EX3700 versions prior to 1.0.0.98

Description: The issue stems from a lack of input sanitization in the operating_mode.cgi script of the NETGEAR EX3700 router's firmware. A remote attacker can exploit it to execute arbitrary commands via the ap_mode parameter when ap_24g_manual is set to 1 and ap_24g_manual_sec is set to NotNone.

Recommendations: For versions prior to 1.0.0.98, update to version 1.0.0.98 or later to resolve the issue. As a temporary workaround, consider restricting access to the operating_mode.cgi script and avoiding use of the ap_mode parameter until the patch is applied. Additionally, restrict use of the ap_24g_manual and ap_24g_manual_sec parameters in the affected endpoint until the issue is resolved.
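As an added example that is not part of this advisory, the following Python check scans web-server access logs for requests to operating_mode.cgi whose ap_mode, ap_24g_manual or ap_24g_manual_sec values fall outside a strict allow-list, which is the kind of validation the fix needs and the kind of signal a defender can alert on while the workaround is in place. The sample log lines, the allowed value formats and the request path are constructed assumptions, not taken from NETGEAR firmware or real traffic.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (assumption: Common Log Format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [21/Feb/2024:10:00:01 +0000] "GET /operating_mode.cgi?ap_mode=1&ap_24g_manual=0 HTTP/1.1" 200 512
192.0.2.11 - - [21/Feb/2024:10:00:02 +0000] "POST /operating_mode.cgi?ap_mode=1%3Bfoo&ap_24g_manual=1&ap_24g_manual_sec=WPA2 HTTP/1.1" 200 512
192.0.2.12 - - [21/Feb/2024:10:00:03 +0000] "GET /index.htm HTTP/1.1" 200 1024
"""

# Allow-list for the three parameters named in the advisory.
# The value formats are assumptions; tighten them to what the device actually accepts.
ALLOWED = {
    "ap_mode": re.compile(r"[0-9]{1,2}"),
    "ap_24g_manual": re.compile(r"[01]"),
    "ap_24g_manual_sec": re.compile(r"[A-Za-z0-9_-]{1,32}"),
}

TARGET_PATH = "/operating_mode.cgi"  # assumed path of the vulnerable script
REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')


def validate_params(params: dict) -> list:
    """Return the names of allow-listed parameters whose values fail validation.

    parse_qs has already percent-decoded the values, so a metacharacter smuggled
    as %3B is seen here as ';' and rejected by fullmatch.
    """
    bad = []
    for name, pattern in ALLOWED.items():
        for value in params.get(name, []):
            if not pattern.fullmatch(value):
                bad.append(name)
    return bad


def flag_requests(log_text: str) -> list:
    """Return (client_ip, offending_params) for operating_mode.cgi requests that fail the allow-list.

    Caveat: only query-string parameters are visible in an access log; values sent in a
    POST body need request logging or a WAF to be inspected the same way.
    """
    hits = []
    for line in log_text.splitlines():
        m = REQ_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if parts.path != TARGET_PATH:
            continue
        params = parse_qs(parts.query, keep_blank_values=True)
        bad = validate_params(params)
        if bad:
            hits.append((line.split()[0], bad))
    return hits
```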

Exploit · Fix

Weakness Enumeration: Command Injection

Related Identifiers: BDU:2024-08561, CVE-2024-35522

Affected Products: Netgear Ex3700