Platform
netgear
Component
netgear
Fixed in
1.1.00.48
CVE-2024-12847 describes a critical Command Injection vulnerability affecting NETGEAR DGN1000 routers running versions prior to 1.1.00.48. This flaw allows a remote, unauthenticated attacker to execute arbitrary operating system commands with root privileges. The vulnerability has been observed in the wild since at least 2017, with recent activity reported by the Shadowserver Foundation on 2025-02-06 UTC, and a fix is available in version 1.1.00.48.
The impact of this vulnerability is severe. Successful exploitation allows an attacker to gain complete control over the affected NETGEAR DGN1000 router. This includes the ability to modify router configurations, intercept network traffic, install malware, and potentially pivot to other devices on the network. Given the router's position as a gateway, a compromised device can serve as a launchpad for broader network attacks. The observed exploitation by Shadowserver Foundation highlights the real-world risk and potential for widespread compromise, especially in environments with unpatched devices.
This vulnerability has been actively exploited in the wild since at least 2017, as confirmed by the Shadowserver Foundation's observations on 2025-02-06 UTC. The ease of exploitation, combined with the router's critical role in network security, makes this a high-priority threat. While no specific KEV listing or EPSS score is currently available, the observed exploitation pattern warrants immediate attention. Public proof-of-concept exploits are likely to emerge given the vulnerability's nature and historical exploitation.
Exploit Status
EPSS
71.26% (99% percentile)
CISA SSVC
CVSS Vector
Exploitation detected
NextGuard recorded active exploitation indicators in public threat intel feeds.
The primary mitigation for CVE-2024-12847 is to immediately upgrade affected NETGEAR DGN1000 routers to firmware version 1.1.00.48 or later. If upgrading is not immediately feasible due to compatibility issues or downtime concerns, consider implementing temporary workarounds. While no direct WAF rules can prevent the underlying vulnerability, restricting access to the setup.cgi endpoint from untrusted networks can reduce the attack surface. Regularly monitor router logs for suspicious activity, particularly HTTP requests targeting setup.cgi. After upgrading, verify the fix by attempting to execute a simple command through the setup.cgi endpoint; the command should be rejected.
Update the firmware of your NETGEAR DGN1000 device to version 1.1.00.48 or later to mitigate the operating system command injection vulnerability. Check for the availability of the update on the NETGEAR support website or through the device's administration interface. Apply security updates as soon as they are available.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-12847 is a critical vulnerability allowing remote attackers to execute commands on NETGEAR DGN1000 routers. It affects versions 0–1.1.00.48 and has been exploited since 2017.
You are affected if your NETGEAR DGN1000 router is running version 0–1.1.00.48. Check your router's firmware version and upgrade immediately if necessary.
Upgrade your NETGEAR DGN1000 router to firmware version 1.1.00.48 or later. If upgrading is not possible, restrict access to the setup.cgi endpoint.
Yes, this vulnerability has been observed in the wild since at least 2017, with recent activity reported in February 2025.
Refer to the NETGEAR security advisory published on 2025-01-10 for detailed information and instructions.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.