CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-52022

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component wlg_adv.cgi via the apmode_gateway parameter. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 69.5%

CVSS Severity

CVSS v3 Score 8.0

References

Products affected by CVE-2024-52022

Netgear » R6400v2 » Version: N/A

cpe:2.3:h:netgear:r6400v2:-
Netgear » R7000p » Version: N/A

cpe:2.3:h:netgear:r7000p:-
Netgear » R8500 » Version: N/A

cpe:2.3:h:netgear:r8500:-
Netgear » Xr300 » Version: N/A

cpe:2.3:h:netgear:xr300:-
Netgear » R6400v2 Firmware » Version: 1.0.4.128

cpe:2.3:o:netgear:r6400v2_firmware:1.0.4.128
Netgear » R7000p Firmware » Version: 1.3.3.154

cpe:2.3:o:netgear:r7000p_firmware:1.3.3.154
Netgear » R8500 Firmware » Version: 1.0.2.160

cpe:2.3:o:netgear:r8500_firmware:1.0.2.160
Netgear » Xr300 Firmware » Version: 1.0.3.78

cpe:2.3:o:netgear:xr300_firmware:1.0.3.78

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-52022

Products

Pricing

Contact Us