Anis Lounis - Security Researcher - Exploit Intelligence Platform

CVE-2024-35517 WRITEUP HIGH WRITEUP

Netgear Xr1000 Firmware - Command Injection

Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter.

CVSS 8.4

View Code

CVE-2024-35518 WRITEUP HIGH WRITEUP

Netgear Ex6120 Firmware < 1.0.0.68 - Command Injection

Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter.

CVSS 8.4

View Code

CVE-2024-35519 WRITEUP HIGH WRITEUP

Netgear Ex3700 Firmware < 1.0.0.96 - Command Injection

Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter.

CVSS 8.4

View Code

CVE-2024-35522 WRITEUP HIGH WRITEUP

Netgear Ex3700 Firmware < 1.0.0.98 - Command Injection

Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1 and ap_24g_manual_sec set to NotNone.

CVSS 8.4

View Code