EUVD-2024-35348

Malicious code in bioql PyPI...

The vulnerability in the genie_fix2.cgi microprogramming software of Netgear R8500’s routers allows a hacker to execute arbitrary commands.

The vulnerability of the geniefix2.cgi microprogramming software for Netgear R8500 routers lies in the lack of measures to neutralize special elements used in the operating system’s commands when processing the wangateway parameter. Exploiting this vulnerability allows a remote attacker to execut...

NETGEAR R8500 genie_fix2.cgi Component Command Injection Vulnerability

The NETGEAR R8500 is a wireless router from NETGEAR. A command injection vulnerability exists in the NETGEAR R8500 v1.0.2.160, which stems from the wangateway parameter in the geniefix2.cgi component failing to correctly filter constructed command special characters, commands, and so on. An...

CVE-2024-52019

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wangateway parameter at geniefix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

CVE-2024-51021

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a command injection vulnerability via the wangateway parameter at geniefix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

CVE-2024-52019

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wangateway parameter at geniefix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

NETGEAR XR300、NETGEAR R7000P和NETGEAR R6400v2 安全漏洞

NETGEAR R6400v2 and others are products of NETGEAR USA.NETGEAR R6400v2 is a router.NETGEAR R7000P is a wireless router.NETGEAR XR300 is a wireless router. A security vulnerability exists in NETGEAR XR300 version v1.0.3.78, R7000P version v1.3.3.154, and R6400v2 version 1.0.4.128, which stems from...

CVE-2024-51021

Affected devices: NETGEAR XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 (v2 1.0.4.128). Vulnerability: Command injection via the wan_gateway parameter in the genie_fix2.cgi script. This allows an attacker to craft a request that executes arbitrary OS commands on the device. Impact and severity...

The vulnerability in the genie_fix2.cgi microprogramming software for NETGEAR EX6120 allows a hacker to execute arbitrary commands.

The vulnerability of the geniefix2.cgi microprogramming software for NETGEAR EX6120 routers is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using the wandns1pri parameter...

CVE-2024-35518

Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in geniefix2.cgi via the wandns1pri parameter...

CVE-2024-35518

Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in geniefix2.cgi via the wandns1pri parameter...

CVE-2024-35518

Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in geniefix2.cgi via the wandns1pri parameter...

CVE-2024-35518

CVE-2024-35518 affects Netgear EX6120 v1.0.0.68. The vulnerability is a command injection in the genie_fix2.cgi script via the wan_dns1_pri parameter, enabling arbitrary command execution. Public sources (CNVD/CNNVD/NVD) corroborate the flaw in the same version. CVSS details in the NVD/CVE record...

CVE-2024-35518

Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in geniefix2.cgi via the wandns1pri parameter...