CVE-2024-52018

CVSS 3.1 Score 8 of 10 (high)

Details

Published Nov 5, 2024
CWE ID 78

Summary

CVE-2024-52018 is a newly discovered vulnerability affecting the Netgear XR300 v1.0.3.78 firmware. This issue involves a command injection flaw in the genie_dyn.cgi file, specifically within the system_name parameter. An attacker can exploit this vulnerability by sending a crafted request, allowing them to execute arbitrary OS commands and potentially gain unauthorized access to the system. This vulnerability poses a significant risk and requires immediate attention from Netgear and its users to apply available patches or workarounds to mitigate the threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share