Anis Lounis - Security Researcher - Exploit Intelligence Platform

CVE-2024-35517 WRITEUP HIGH WRITEUP

Netgear XR1000 v1.0.0.64 - OS Command Injection via usb_remote_smb_conf.cgi share_name Parameter

Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter.

CVSS 8.4

View Code

CVE-2024-35518 WRITEUP HIGH WRITEUP

Netgear EX6120 < 1.0.0.68 - OS Command Injection via wan_dns1_pri Parameter

Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter.

CVSS 8.4

View Code

CVE-2024-35519 WRITEUP HIGH WRITEUP

Netgear EX3700 < 1.0.0.96, EX6100 < 1.0.2.28, EX6120 < 1.0.0.68 - OS Command Injection via ap_mode Parameter

Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter.

CVSS 8.4

View Code

CVE-2024-35522 WRITEUP HIGH WRITEUP

Netgear EX3700 Firmware < 1.0.0.98 - Authenticated Command Injection via ap_mode Parameter

Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1 and ap_24g_manual_sec set to NotNone.

CVSS 8.4

View Code