Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-57046

CWE-287Improper Authentication5 documents5 sources
Severity
8.8HIGH
EPSS
56.0%
top 1.90%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Netgear Dgn2200 Firmware
Timeline
PublishedFeb 18

Description

A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass the authentication. When adding "?x=1.gif" to the the requested url, it will be recognized as passing the authentication.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

3
GHSA
GHSA-cg2m-239p-9xhp: A vulnerability in the Netgear DGN2200 router with firmware version v12025-02-18
CVEList
CVE-2024-57046: A vulnerability in the Netgear DGN2200 router with firmware version v12025-02-18
VulnCheck
NETGEAR dgn2200_firmware Improper Authentication2024

💥Exploits & PoCs

1
Nuclei
Netgear DGN2200 - Improper Authentication
CVE-2024-57046 (HIGH CVSS 8.8) | A vulnerability in the Netgear DGN2 | cvebase.io