CVE-2024-51010
published 2024-11-05CVE-2024-51010: Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the…
high8CVSS 3.1
AVAACLPRLUINSUCHIHAH
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component ap_mode.cgi via the apmode_gateway parameter. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netgear | r6400v2_firmware | — | — |
| netgear | r7000p_firmware | — | — |
| netgear | r8500_firmware | — | — |
| netgear | xr300_firmware | — | — |