PT-2025-1029 · NetGear · Netgear Dgn1000

Mumbai +1 · Published 2025-01-10 · Updated 2025-10-20 · CVE-2024-12847

CVSS v3.1: 10
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

NETGEAR DGN1000 versions prior to 1.1.00.48

Description

The NETGEAR DGN1000 router contains a flaw that allows bypassing the authentication process through an alternative path or channel. Exploitation of this issue enables a remote attacker to execute arbitrary code by sending specially crafted HTTP requests. The vulnerability affects the setup.cgi endpoint, allowing an unauthenticated attacker to execute arbitrary operating system commands as root. This issue has been exploited in the wild since at least 2017. The setup.cgi endpoint is vulnerable to crafted HTTP requests.

Recommendations

Update NETGEAR DGN1000 to version 1.1.00.48 or later.

Exploit

Fix

Weakness Enumeration

OS Command Injection
Authentication Bypass Using an Alternate Path or Channel
Missing Authentication

Related Identifiers

BDU:2025-00227
CVE-2024-12847

Affected Products

Netgear Dgn1000