CVE-2024-52021
CVSS 3.1 Score 8.0 of 10 (high)
Details
Published Nov 5, 2024
CWE ID 78
Summary
CVE-2024-52021 is a newly disclosed command injection vulnerability affecting Netgear R8500 v1.0.2.160 routers. The issue lies in the bsw_fix.cgi file, where the wan_gateway parameter is susceptible to attack. By crafting a maliciously crafted request, attackers can inject and execute arbitrary OS commands, potentially leading to unauthorized access, data theft, or system compromise. This vulnerability underscores the importance of keeping networking devices up-to-date with the latest security patches.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- R8 500