CVE-2024-57046

HIGH EXPLOITED NUCLEI

Netgear DGN2200 <v1.0.0.46 - Auth Bypass

Title source: llm

Exploitation Summary

CVE-2024-57046 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.

Description

A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass the authentication. When adding "?x=1.gif" to the the requested url, it will be recognized as passing the authentication.

Nuclei Templates (1)

Netgear DGN2200 - Improper Authentication

HIGHVERIFIEDby ritikchaddha

Shodan: http.title:"DGN2200"

FOFA: title="NETGEAR DGN2200"

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://github.com/Shuanunio/CVE_Requests/blob/main/Netgear/DGN2200/ACL%20bypass%20Vulnerability%20in%20Netgear%20DGN2200.md

View Exploit ZIP pw:eip

Vendor Advisory

https://www.netgear.com/about/security/

Scores

CVSS v3 8.8

EPSS 0.0206

EPSS Percentile 78.8%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

VulnCheck KEV 2026-04-12

CWE

CWE-287

Status published

Products (1)

netgear/dgn2200_firmware < 1.0.0.46

Published Feb 18, 2025

Tracked Since Feb 18, 2026