CVE-2024-51010
CVSS 3.1 Score 8.0 of 10 (high)
Details
Published Nov 5, 2024
CWE ID 78
Summary
CVE-2024-51010 is a newly discovered command injection vulnerability affecting several Netgear routers, including the R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128. The vulnerability lies in the ap_mode.cgi component and can be exploited through a crafted request using the apmode_gateway parameter. Successful attacks enable attackers to execute arbitrary OS commands, potentially resulting in unauthorized access, data theft, or router compromise. Users are advised to apply the latest security patches to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share