CVE-2024-51005

Name of the Vulnerable Software and Affected Versions Netgear R8500 version 1.0.2.160

Description The issue is related to a command injection vulnerability in the share name parameter at the "usb remote smb conf.cgi" endpoint. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. The vulnerability is associated with the failure to neutralize special elements used in the operating system command when processing the share name parameter, which can be exploited by a remote attacker to execute arbitrary commands.

Recommendations For Netgear R8500 version 1.0.2.160, as a temporary workaround, consider restricting access to the "usb remote smb conf.cgi" endpoint to minimize the risk of exploitation. Avoid using the share name parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.