CVE-2024-35519

HIGH

Netgear EX3700 < 1.0.0.96, EX6100 < 1.0.2.28, EX6120 < 1.0.0.68 - OS Command Injection via ap_mode Parameter

Title source: llm

Description

Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter.

References (1)

Core 1

Core References

Third Party Advisory

https://github.com/consrc/cves/blob/main/CVE-2024-35519.md

View Writeup ZIP pw:eip

Scores

CVSS v3 8.4

EPSS 0.0101

EPSS Percentile 58.5%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-77 CWE-78

Status published

Products (3)

netgear/ex3700_firmware < 1.0.0.96

netgear/ex6100_firmware < 1.0.2.28

netgear/ex6120_firmware < 1.0.0.68

Published Oct 14, 2024

Tracked Since Feb 18, 2026