Lucene search

K
cveMitreCVE-2024-52018
HistoryNov 05, 2024 - 3:15 p.m.

CVE-2024-52018

2024-11-0515:15:26
CWE-78
mitre
web.nvd.nist.gov
22
netgear
xr300
command injection
vulnerability
system_name parameter
genie_dyn.cgi
os commands

CVSS3

8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0

Percentile

10.7%

Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at genie_dyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

CVSS3

8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0

Percentile

10.7%

Related for CVE-2024-52018