CVE-2024-35520

Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:netgear:r7000_firmware:1.0.11.136:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*

History

16 Oct 2024, 17:14

Type Values Removed Values Added
CPE cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r7000_firmware:1.0.11.136:*:*:*:*:*:*:*
First Time Netgear r7000
Netgear
Netgear r7000 Firmware
CVSS v2 : unknown
v3 : 8.4
v2 : unknown
v3 : 6.8
References () https://kb.netgear.com/000066027/Security-Advisory-for-Post-Authentication-Command-Injection-on-the-R7000-PSV-2023-0154 - () https://kb.netgear.com/000066027/Security-Advisory-for-Post-Authentication-Command-Injection-on-the-R7000-PSV-2023-0154 - Third Party Advisory

15 Oct 2024, 15:35

Type Values Removed Values Added
CWE CWE-77

15 Oct 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) Netgear R7000 1.0.11.136 es vulnerable a la inyección de comandos en RMT_invite.cgi a través del parámetro device_name2.

14 Oct 2024, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-14 22:15

Updated : 2024-10-16 17:14


NVD link : CVE-2024-35520

Mitre link : CVE-2024-35520

CVE.ORG link : CVE-2024-35520


JSON object : View

Products Affected

netgear

  • r7000
  • r7000_firmware
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')