CVE-2024-51010

Name of the Vulnerable Software and Affected Versions Netgear R8500 version 1.0.2.160 Netgear XR300 version 1.0.3.78 Netgear R7000P version 1.3.3.154 Netgear R6400 v2 version 1.0.4.128

Description A command injection issue was discovered in the ap mode.cgi component of Netgear routers, specifically via the apmode gateway parameter. This allows attackers to execute arbitrary OS commands through a crafted request. The vulnerability is related to the failure to neutralize special elements used in the operating system command when processing the apmode gateway parameter, which can be exploited by a remote attacker to execute arbitrary commands.

Recommendations For Netgear R8500 version 1.0.2.160, update to a version that fixes the command injection vulnerability in the ap mode.cgi component. For Netgear XR300 version 1.0.3.78, update to a version that fixes the command injection vulnerability in the ap mode.cgi component. For Netgear R7000P version 1.3.3.154, update to a version that fixes the command injection vulnerability in the ap mode.cgi component. For Netgear R6400 v2 version 1.0.4.128, update to a version that fixes the command injection vulnerability in the ap mode.cgi component. As a temporary workaround, consider restricting access to the ap mode.cgi component and the apmode gateway parameter to minimize the risk of exploitation.