Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter.
References
Link | Resource |
---|---|
https://kb.netgear.com/000066027/Security-Advisory-for-Post-Authentication-Command-Injection-on-the-R7000-PSV-2023-0154 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
16 Oct 2024, 17:14
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7000_firmware:1.0.11.136:*:*:*:*:*:*:* |
|
First Time |
Netgear r7000
Netgear Netgear r7000 Firmware |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.8 |
References | () https://kb.netgear.com/000066027/Security-Advisory-for-Post-Authentication-Command-Injection-on-the-R7000-PSV-2023-0154 - Third Party Advisory |
15 Oct 2024, 15:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-77 |
15 Oct 2024, 12:57
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
14 Oct 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-14 22:15
Updated : 2024-10-16 17:14
NVD link : CVE-2024-35520
Mitre link : CVE-2024-35520
CVE.ORG link : CVE-2024-35520
JSON object : View
Products Affected
netgear
- r7000
- r7000_firmware
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')