CVE-2024-52019

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

Published: Nov 5, 2024 / Updated: 14d ago

CVSS: 8 (High) / EPSS: 0.04%

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment
NVD published the first details for CVE-2024-52019
Nov 5, 2024 at 3:15 PM

First Article
Feedly found the first article mentioning CVE-2024-52019.
Nov 5, 2024 at 3:21 PM / VulDB Recent Entries

CVSS Estimate
Feedly estimated the CVSS score as HIGH
Nov 5, 2024 at 3:21 PM

CVSS
A CVSS base score of 8 has been assigned.
Nov 5, 2024 at 5:40 PM / nvd

EPSS
EPSS Score was set to: 0.04% (Percentile: 10.7%)
Nov 6, 2024 at 10:26 AM

Affected Systems

Netgear/r8500

Attack Patterns

CAPEC-108: Command Line Execution through SQL Injection

News

Security Bulletin 06 Nov 2024 - Cyber Security Agency of Singapore
For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries. CRITICAL VULNERABILITIES. CVE ...
CVE-2024-52019
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
CVE-2024-52019 | Netgear R8500 1.0.2.160 Request genie_fix2.cgi wan_gateway command injection
A vulnerability classified as critical was found in Netgear R8500 1.0.2.160. This vulnerability affects unknown code of the file genie_fix2.cgi of the component Request Handler. The manipulation of the argument wan_gateway leads to command injection. This vulnerability was named CVE-2024-52019. The attack can be initiated remotely. There is no exploit available.

CVSS V3.1

Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
