The vulnerability in the ap_mode.cgi script of NETGEAR’s router microprogramming devices R8500, XR300, R7000P, and R6400 v2 allows a hacker to execute arbitrary commands.

The vulnerability of the apmode.cgi script in NETGEAR’s router microprogramming devices such as R8500, XR300, R7000P, and R6400 v2 lies in the lack of measures to neutralize special elements used in the operating system’s commands when processing the apmodegateway parameter. Exploiting this...

CVE-2024-52022

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component wlgadv.cgi via the apmodegateway parameter. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

CVE-2024-51010

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component apmode.cgi via the apmodegateway parameter. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

CVE-2024-51010

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component apmode.cgi via the apmodegateway parameter. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...