CVE-2024-35522

CWE-77 — Command Injection3 documents3 sources

Severity

7.2HIGH

EPSS

0.6%

top 31.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Ex3700 Firmware

Timeline

PublishedOct 11

Latest updateOct 12

Description

Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1 and ap_24g_manual_sec set to NotNone.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.7 | Impact: 6.0

Affected Packages1 packages

▶NVDnetgear/ex3700_firmware< 1.0.0.98

🔴Vulnerability Details

GHSA

GHSA-r58v-99w5-7j3x: Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1↗2024-10-12

▶

CVEList

CVE-2024-35522: Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1↗2024-10-11

▶