17 matches found
EUVD-2024-51148
Malicious code in bioql PyPI...
CVE-2024-12847
NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been observed to be exploited ...
NETGEAR DGN1000 Command Injection Vulnerability (CNVD-2025-02105)
The NETGEAR DGN1000 is a wireless router from NETGEAR for home and small office networking. An authentication bypass vulnerability exists in the NETGEAR DGN1000 prior to version 1.1.00.48. An attacker can exploit this vulnerability to take full control of the device by sending a constructed HTTP...
The vulnerability of the embedded software of NETGEAR DGN1000 lies in the ability to bypass the authentication process by using an alternative path or channel, allowing a hacker to execute arbitrary code.
The vulnerability of the embedded software of NETGEAR DGN1000 lies in the ability to bypass the authentication process by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted HTTP requests remotely...
CVE-2024-12847
NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been observed to be exploited ...
CVE-2024-12847
NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been observed to be exploited ...
CVE-2024-12847
The vulnerability CVE-2024-12847 affects NETGEAR DGN1000 routers (prior to firmware version 1.1.00.48). The issue is an authentication bypass in the setup.cgi endpoint that lets a remote, unauthenticated attacker execute arbitrary OS commands as root. Impact is described as remote command executi...
CVE-2024-12847 NETGEAR DGN setup.cgi OS Command Injection
NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been observed to be exploited ...
CVE-2024-12847 NETGEAR DGN setup.cgi OS Command Injection
NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been observed to be exploited ...
PT-2025-1029
Name of the Vulnerable Software and Affected Versions NETGEAR DGN1000 versions prior to 1.1.00.48 Description The NETGEAR DGN1000 router contains a flaw that allows bypassing the authentication process through the use of an alternative path or channel. Exploitation of this issue enables a remote,...
NETGEAR DGN1000 访问控制错误漏洞
The NETGEAR DGN1000 is a wireless router from NETGEAR for home and small office networking. An authentication bypass vulnerability exists in the NETGEAR DGN1000 prior to version 1.1.00.48. An attacker can exploit this vulnerability to take full control of the device by sending a constructed HTTP...
Weak Password Vulnerability in NETGEAR DGN1000
The NETGEAR DGN1000 is a wireless router. A weak password vulnerability exists in the NETGEAR DGN1000. An attacker can use the weak password to log into the backend and obtain sensitive information...
Dark_Nexus Botnet Compromises Thousands of ASUS, D-Link Routers
A new botnet has compromised hundreds of ASUS, D-Link and Dasan Zhone routers over the past three months, as well as Internet of Things IoT devices like video recorders and thermal cameras. The botnet, called darknexus based on a string it prints in its banner, uses processes similar to previous...
VulnCheck KEV: CVE-2024-12847
NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been exploited in the wild...
Netgear DGN1000 Setup.cgi Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netgear DGN1000 Setup.cgi Unauthenticated RCE', 'Description' = %q This module exploits an unauthenticated OS command execution vulneralbility in...
Netgear DGN1000 1.1.00.48 - 'Setup.cgi' Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netgear DGN1000 Setup.cgi Unauthenticated RCE', 'Description' = %q This module exploits an unauthenticated OS command execution vulneralbility in...
Netgear DGN1000 Setup.cgi Unauthenticated RCE
This module exploits an unauthenticated OS command execution vulneralbility in the setup.cgi file in Netgear DGN1000 firmware versions up to 1.1.00.48, and DGN2000v1 models. This module requires Metasploit: https://metasploit.com/download Current source:...