CVE-2024-12847

NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been observed to be exploited in the wild since at least 2017 and specifically by the Shadowserver Foundation on 2025-02-06 UTC.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://seclists.org/bugtraq/2013/Jun/8	Mailing List Third Party Advisory
https://vulncheck.com/advisories/netgear-dgn	Vendor Advisory
https://www.exploit-db.com/exploits/25978	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/43055	Exploit VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:netgear:dgn1000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:dgn1000:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-01-10 20:15

Updated : 2025-12-19 20:15

NVD link : CVE-2024-12847

Mitre link : CVE-2024-12847

CVE.ORG link : CVE-2024-12847

JSON object : View

Products Affected

netgear

dgn1000_firmware
dgn1000

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2024-12847", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-01-10T20:15:30.150", "references": [{"url": "https://seclists.org/bugtraq/2013/Jun/8", "tags": ["Mailing List", "Third Party Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://vulncheck.com/advisories/netgear-dgn", "tags": ["Vendor Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/25978", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/43055", "tags": ["Exploit", "VDB Entry"], "source": "disclosure@vulncheck.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-78"}, {"lang": "en", "value": "CWE-306"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been observed to be exploited in the wild since at least 2017 and specifically by the Shadowserver Foundation on 2025-02-06 UTC."}, {"lang": "es", "value": "NETGEAR DGN1000 anterior a la versi\u00f3n 1.1.00.48 es vulnerable a una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n. Un atacante remoto y no autenticado puede ejecutar comandos arbitrarios del sistema operativo como root enviando solicitudes HTTP manipuladas al endpoint setup.cgi. Esta vulnerabilidad ha sido explotada in situ desde al menos 2017."}], "lastModified": "2025-12-19T20:15:47.617", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:dgn1000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AB8AB3E-F7EC-4621-9466-D274B43DDCF0", "versionEndExcluding": "1.1.00.48"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:dgn1000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AF744D68-D051-469F-9B36-B6D08A7E67A1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "disclosure@vulncheck.com"}