PT-2025-1029 · NetGear · Netgear Dgn1000

Mumbai

Published 2025-01-10 · Updated 2026-02-25 · CVE-2024-12847

CVSS v2.0: 10.0 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: NETGEAR DGN1000 versions prior to 1.1.00.48
Description: The NETGEAR DGN1000 router contains a flaw that allows the authentication process to be bypassed through an alternative path or channel. A remote, unauthenticated attacker can exploit it to execute arbitrary operating system commands as root by sending specially crafted HTTP requests to the setup.cgi endpoint. Requests whose URL contains the substring "currentsetting.htm" are served without credentials, which lets the attacker interact with the router's backend services without authenticating. The vulnerability has been actively exploited in the wild since at least 2017; the Shadowserver Foundation reported observing exploitation attempts on 2025-02-06 UTC.
Recommendations: For NETGEAR DGN1000 versions prior to 1.1.00.48, update the firmware to version 1.1.00.48 or later. Because exploitation needs nothing more than HTTP access to setup.cgi, the web management interface should not be reachable from untrusted networks while a device remains unpatched.
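The following is an added example, not code from the advisory or from NETGEAR: a small Python detector that flags access-log requests carrying the bypass indicator described above (a request to setup.cgi whose URL contains "currentsetting.htm"), together with a numeric firmware-version check against the 1.1.00.48 threshold from the Recommendations. It goes slightly beyond the text by also matching case variants and percent-encoded forms of the substring. The log lines and their query strings are constructed for illustration; the function names and the double percent-decoding are assumptions of this example, not documented device behaviour.

```python
"""Added example (not part of the advisory): flag HTTP requests that match the
CVE-2024-12847 bypass indicator, and check a DGN1000 firmware version against
the first fixed release. Log lines below are constructed, not captured traffic."""
import re
from urllib.parse import unquote

FIXED_VERSION = "1.1.00.48"        # first fixed firmware named in the advisory
INDICATOR = "currentsetting.htm"   # substring that causes the auth bypass
TARGET_SCRIPT = "setup.cgi"        # endpoint the crafted requests are sent to

# Common Log Format: client ident user [time] "METHOD URL PROTO" status size
_CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_version(v: str) -> tuple:
    """'V1.1.00.48' -> (1, 1, 0, 48). Compare numerically: as strings,
    '1.1.00.5' sorts *above* '1.1.00.48' and would be misreported as fixed."""
    return tuple(int(part) for part in v.strip().lstrip("Vv").split("."))


def is_vulnerable(version: str) -> bool:
    """True when the firmware is prior to 1.1.00.48."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def is_bypass_attempt(url: str) -> bool:
    """True when the request targets setup.cgi and carries the bypass substring.
    The URL is percent-decoded twice (assumption: catch double encoding) and
    lowercased so 'currentsetting%2Ehtm' or 'CURRENTSETTING.HTM' are not missed."""
    decoded = unquote(unquote(url)).lower()
    path = decoded.split("?", 1)[0]
    return path.endswith("/" + TARGET_SCRIPT) and INDICATOR in decoded


def scan_access_log(lines):
    """Return (ip, timestamp, url, status) for each line that looks like an attempt.
    A 2xx status on a hit means the bypass was most likely served, not rejected."""
    hits = []
    for line in lines:
        m = _CLF.match(line)
        if m and is_bypass_attempt(m.group("url")):
            hits.append((m.group("ip"), m.group("ts"), m.group("url"),
                         int(m.group("status"))))
    return hits


# Constructed sample log; the query strings are illustrative only.
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Feb/2025:12:00:01 +0000] "GET /setup.cgi?currentsetting.htm=1 HTTP/1.1" 200 512',
    '192.0.2.10 - - [06/Feb/2025:12:00:02 +0000] "GET /setup.cgi?currentsetting%2Ehtm=1&x=1 HTTP/1.1" 200 512',
    '198.51.100.7 - admin [06/Feb/2025:12:05:00 +0000] "GET /currentsetting.htm HTTP/1.1" 200 2048',
    '203.0.113.5 - - [06/Feb/2025:12:06:00 +0000] "GET /setup.cgi?page=status HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    for ip, ts, url, status in scan_access_log(SAMPLE_LOG):
        print(f"possible CVE-2024-12847 attempt from {ip} at {ts}: {url} -> {status}")
    for fw in ("V1.1.00.47", "1.1.00.5", "1.1.00.48"):
        print(fw, "vulnerable" if is_vulnerable(fw) else "fixed")
```

The third sample line (an authenticated fetch of the page currentsetting.htm itself) is deliberately not flagged: the advisory ties the bypass to requests reaching setup.cgi, so matching on the substring alone would drown the signal in ordinary management traffic. The advisory does not state which parameters the crafted requests carry, so the detector keys only on the documented substring and endpoint; any hit with a 200 response against an unpatched DGN1000 should be treated as a likely compromise and the device reviewed, not just patched.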

Exploit · Fix

Weakness Enumeration

Missing Authentication (CWE-306)
Authentication Bypass Using an Alternate Path or Channel (CWE-288)
OS Command Injection (CWE-78)

Related Identifiers

BDU:2025-00227
CVE-2024-12847

Affected Products

Netgear Dgn1000