CVE-2024-12847
Published: 10 January 2025
Description
NETGEAR DGN1000 before 1.1.00.48 is affected by an authentication bypass vulnerability. A remote, unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. Exploitation of this vulnerability has been observed in the wild since at least 2017, and was specifically observed by the Shadowserver Foundation on 2025-02-06 UTC.
Security Summary
CVE-2024-12847 is an authentication bypass vulnerability affecting NETGEAR DGN1000 router firmware versions before 1.1.00.48. It enables command injection through the setup.cgi endpoint and is mapped to CWE-306 (Missing Authentication for Critical Function) and CWE-78 (Improper Neutralization of Special Elements used in an OS Command). The issue allows remote execution of arbitrary operating system commands as root via crafted HTTP requests.
A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required, as reflected in its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Successful exploitation grants full root-level command execution on the device, potentially leading to complete compromise, data theft, or use as a pivot in further attacks.
Advisories and related resources, including those from VulnCheck and Exploit-DB (exploits 25978 and 43055), along with a 2013 Bugtraq discussion, detail the issue but do not specify additional mitigations beyond upgrading to firmware version 1.1.00.48 or later.
This vulnerability has been observed in active exploitation in the wild since at least 2017, including scanning by the Shadowserver Foundation on 2025-02-06 UTC.
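A triage sketch for the two checks the summary implies: whether a device's firmware predates 1.1.00.48, and whether setup.cgi is being requested from outside the LAN. This is an added example, not code from the advisory or from NETGEAR. It assumes dotted-numeric firmware strings and an upstream firewall, proxy or sensor that logs HTTP in Common Log Format; the log lines are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

FIXED_VERSION = "1.1.00.48"  # first fixed firmware named in the advisory
# Assumption: these ranges are "inside"; anything else (IPv6 included) is external.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# Common Log Format: client ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample input (documentation address ranges, placeholder query).
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Feb/2025:03:14:07 +0000] "GET /setup.cgi?q=constructed HTTP/1.1" 200 512',
    '192.168.0.10 - - [06/Feb/2025:03:15:00 +0000] "GET /setup.cgi?q=constructed HTTP/1.1" 200 512',
    '198.51.100.23 - - [06/Feb/2025:03:16:42 +0000] "POST /setup.cgi HTTP/1.0" 401 0',
    '203.0.113.7 - - [06/Feb/2025:03:17:01 +0000] "GET /index.htm HTTP/1.1" 200 1024',
]

def version_tuple(version):
    """'1.1.00.48' -> (1, 1, 0, 48); a leading 'V' is tolerated."""
    return tuple(int(part) for part in version.strip().lstrip("Vv").split("."))

def is_vulnerable(firmware):
    """True when the firmware is older than the fixed release."""
    return version_tuple(firmware) < version_tuple(FIXED_VERSION)

def external_setup_cgi_hits(lines):
    """Return (client, method, status) for setup.cgi requests from non-LAN clients."""
    hits = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # not a Common Log Format request line
        client, method, target, status = match.groups()
        # Compare only the final path segment so query strings do not matter.
        if urlsplit(target).path.rsplit("/", 1)[-1].lower() != "setup.cgi":
            continue
        try:
            ip = ipaddress.ip_address(client)
        except ValueError:
            continue  # hostname or garbage in the client field
        if not any(ip in net for net in LAN_NETS):
            hits.append((client, method, int(status)))
    return hits

if __name__ == "__main__":
    print("1.1.00.45 vulnerable:", is_vulnerable("1.1.00.45"))
    for hit in external_setup_cgi_hits(SAMPLE_LOG):
        print("external setup.cgi request:", hit)
```

Any hit against a device still running pre-1.1.00.48 firmware is worth treating as a possible compromise, since the endpoint requires no credentials.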
Details
- CWE(s)