Alireza Gharib Blog

CVE-2024-12847 – NETGEAR DGN1000 Remote Root Command Injection

CVE ID : CVE-2024-12847

Published : Jan. 10, 2025, 8:15 p.m. | 1 day, 19 hours ago

Description : NETGEAR DGN1000 before 1.1..48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been exploited in the wild since at least 2017.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Go to Source

Tags: #cve, #cybersecurity, #security, 00, 01, 02

Related Posts

CVE-2025-22777 (CVSS 9.8): Critical Security Alert for GiveWP Plugin with 100,000 Active Installations CVE-2024-57878 – Linux Kernel Arm64 Ptrace FPMR Initialization Leak CVE-2024-12847: Proof-of-Concept Exploit Code Released Chinese MirrorFace APT targets Japan Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast Threat Actors Exploit a Critical Ivanti RCE Bug, Again TheCyberThrone Security Weekly Review – January 11, 2025 Reversing, Discovering, And Exploiting A TP-Link Router Vulnerability — CVE-2024–54887 Ivanti Connect Secure Zero-Day Threat: 2,048 Vulnerable Devices and Critical Exploitation Details Unveiled Fake LDAPNightmware exploit on GitHub spreads infostealer malware CVE-2025-23128 – CVE-2022-47713: VMware VMware Workstation – Inadequate Bounds Checking CVE-2025-23127 – Here is the title: Android Permissions Denial of Service CVE-2025-23126 – CVE-2021-36344: Apache Struts Code Injection Vulnerability CVE-2025-23124 – CVE-2022-4792: Dell EMC NetWorker Authentication Bypass Vulnerability CVE-2025-22598 – WeGIA Cadastral Stored Cross-Site Scripting (XSS) Vulnerability CVE-2025-22597 – WeGIA Stored Cross-Site Scripting (XSS) Vulnerability CVE-2025-0398 – Longpi1 Warehouse Cross Site Scripting in Backend CVE-2025-0397 – Reckn SPPanAdmin Cross-Site Scripting (XSS)
, , , ,
, , , , ,
Recent Posts