Vulnerability Details CVE-2024-51021
Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a command injection vulnerability via the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.5%
CVSS Severity
CVSS v3 Score 8.0
References
Products affected by CVE-2024-51021
-
cpe:2.3:h:netgear:r6400v2:-
-
cpe:2.3:h:netgear:r7000p:-
-
cpe:2.3:h:netgear:xr300:-
-
cpe:2.3:o:netgear:r6400v2_firmware:1.0.4.128
-
cpe:2.3:o:netgear:r7000p_firmware:1.3.3.154
-
cpe:2.3:o:netgear:xr300_firmware:1.0.3.78