CVE-2024-35520Command Injection in Netgear R7000 Firmware

CWE-77Command Injection3 documents3 sources
Severity
6.8MEDIUMNVD
CNA8.4
EPSS
5.4%
top 9.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Netgear R7000 Firmware
Timeline
PublishedOct 14
Latest updateOct 15

Description

Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages1 packages

NVDnetgear/r7000_firmware1.0.11.136

🔴Vulnerability Details

2
GHSA
GHSA-7892-3f52-8277: Netgear R7000 12024-10-15
CVEList
CVE-2024-35520: Netgear R7000 12024-10-14
CVE-2024-35520 — Command Injection in Netgear | cvebase