CVE-2024-51021

CVSS 3.1 Score 8.0 of 10 (high)

Details

Published Nov 5, 2024
CWE ID 78

Summary

CVE-2024-51021 is a recently disclosed command injection vulnerability that affects specific Netgear routers, including the XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128. The issue lies in the genie_fix2.cgi file, where an attacker can inject malicious commands into the wan_gateway parameter, resulting in arbitrary OS command execution. This vulnerability poses a significant risk, as it allows attackers to gain unauthorized access and control over affected routers. Users are advised to update their devices to the latest firmware as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share