CVE-2024-52022

CVSS 3.1 Score 8 of 10 (high)

Details

Published Nov 5, 2024
CWE ID 77

Summary

CVE-2024-52022 is a command injection vulnerability affecting several Netgear routers including the R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128. The issue lies in the wlg_adv.cgi component and can be exploited by attackers through manipulation of the apmode_gateway parameter. Successful exploitation allows the execution of arbitrary OS commands, potentially leading to serious security implications. Users are advised to update their routers as soon as patches become available.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share