CVE-2024-52022

Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)

Published: Nov 5, 2024 / Updated: 14d ago

CVSS 8 (High) / EPSS 0.04%

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component wlg_adv.cgi via the apmode_gateway parameter. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment
NVD published the first details for CVE-2024-52022.
Nov 5, 2024 at 3:15 PM

First Article
Feedly found the first article mentioning CVE-2024-52022.
Nov 5, 2024 at 3:21 PM / VulDB Recent Entries

CVSS Estimate
Feedly estimated the CVSS score as HIGH.
Nov 5, 2024 at 3:21 PM

CVSS
A CVSS base score of 8 has been assigned.
Nov 5, 2024 at 4:40 PM / nvd

EPSS
EPSS Score was set to: 0.04% (Percentile: 10%)
Nov 6, 2024 at 10:26 AM

Affected Systems

Netgear/r8500

Attack Patterns

CAPEC-136: LDAP Injection

CVSS V3.1

Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
