EIP-2026-117682

PRE-CVE

Netgear Genie 2.4.64 - Unquoted Service Path

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117682. PoCs published by Mert Daş.

AI-analyzed exploit summary This is a technical writeup describing an unquoted service path vulnerability in Netgear Genie 2.4.64. The vulnerability allows local privilege escalation (LPE) by exploiting the service path's lack of quotes, enabling an attacker to insert malicious executables in the system root path.

Description

Netgear Genie 2.4.64 - Unquoted Service Path

Exploits (1)

exploitdb WRITEUP

by Mert Daş · textlocalwindows

https://www.exploit-db.com/exploits/50443

View Code ZIP pw:eip

This is a technical writeup describing an unquoted service path vulnerability in Netgear Genie 2.4.64. The vulnerability allows local privilege escalation (LPE) by exploiting the service path's lack of quotes, enabling an attacker to insert malicious executables in the system root path.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: Netgear Genie 2.4.64

Auth required

Prerequisites: Local access to the system · Ability to write to the system root path

MITRE ATT&CK

T1546.005 - Trap

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026