प्लेटफ़ॉर्म
netgear
घटक
netgear
में ठीक किया गया
1.1.00.48
CVE-2024-12847 describes a critical Command Injection vulnerability affecting NETGEAR DGN1000 routers running versions prior to 1.1.00.48. This flaw allows a remote, unauthenticated attacker to execute arbitrary operating system commands with root privileges. The vulnerability has been observed in the wild since at least 2017, with recent activity reported by the Shadowserver Foundation on 2025-02-06 UTC, and a fix is available in version 1.1.00.48.
The impact of this vulnerability is severe. Successful exploitation allows an attacker to gain complete control over the affected NETGEAR DGN1000 router. This includes the ability to modify router configurations, intercept network traffic, install malware, and potentially pivot to other devices on the network. Given the router's position as a gateway, a compromised device can serve as a launchpad for broader network attacks. The observed exploitation by Shadowserver Foundation highlights the real-world risk and potential for widespread compromise, especially in environments with unpatched devices.
This vulnerability has been actively exploited in the wild since at least 2017, as confirmed by the Shadowserver Foundation's observations on 2025-02-06 UTC. The ease of exploitation, combined with the router's critical role in network security, makes this a high-priority threat. While no specific KEV listing or EPSS score is currently available, the observed exploitation pattern warrants immediate attention. Public proof-of-concept exploits are likely to emerge given the vulnerability's nature and historical exploitation.
Small and medium-sized businesses (SMBs) relying on NETGEAR DGN1000 routers for internet connectivity are particularly at risk. Home users with unmanaged or poorly secured networks are also vulnerable. Shared hosting environments utilizing NETGEAR DGN1000 routers as gateway devices pose a significant risk due to the potential for lateral movement between hosted accounts.
• linux / server:
journalctl -u nginx -f | grep setup.cgi• linux / server:
ps aux | grep setup.cgi• linux / server:
find / -name setup.cgi -print 2>/dev/nulldisclosure
exploit
एक्सप्लॉइट स्थिति
EPSS
71.26% (99% शतमक)
CISA SSVC
CVSS वेक्टर
शोषण का पता चला
NextGuard ने सार्वजनिक खुफिया फ़ीड में सक्रिय शोषण के संकेतक दर्ज किए।
The primary mitigation for CVE-2024-12847 is to immediately upgrade affected NETGEAR DGN1000 routers to firmware version 1.1.00.48 or later. If upgrading is not immediately feasible due to compatibility issues or downtime concerns, consider implementing temporary workarounds. While no direct WAF rules can prevent the underlying vulnerability, restricting access to the setup.cgi endpoint from untrusted networks can reduce the attack surface. Regularly monitor router logs for suspicious activity, particularly HTTP requests targeting setup.cgi. After upgrading, verify the fix by attempting to execute a simple command through the setup.cgi endpoint; the command should be rejected.
अपने NETGEAR DGN1000 डिवाइस के फर्मवेयर को संस्करण 1.1.00.48 या बाद के संस्करण में अपडेट करें ताकि ऑपरेटिंग सिस्टम कमांड इंजेक्शन (OS Command Injection) भेद्यता को कम किया जा सके। NETGEAR सपोर्ट वेबसाइट या डिवाइस के व्यवस्थापन इंटरफ़ेस के माध्यम से अपडेट की उपलब्धता की जांच करें। जैसे ही वे उपलब्ध हों, सुरक्षा अपडेट लागू करें।
भेद्यता विश्लेषण और गंभीर अलर्ट सीधे आपके ईमेल में।
CVE-2024-12847 is a critical vulnerability allowing remote attackers to execute commands on NETGEAR DGN1000 routers. It affects versions 0–1.1.00.48 and has been exploited since 2017.
You are affected if your NETGEAR DGN1000 router is running version 0–1.1.00.48. Check your router's firmware version and upgrade immediately if necessary.
Upgrade your NETGEAR DGN1000 router to firmware version 1.1.00.48 or later. If upgrading is not possible, restrict access to the setup.cgi endpoint.
Yes, this vulnerability has been observed in the wild since at least 2017, with recent activity reported in February 2025.
Refer to the NETGEAR security advisory published on 2025-01-10 for detailed information and instructions.
अपनी डिपेंडेंसी फ़ाइल अपलोड करें और तुरंत जानें कि यह CVE और अन्य आपको प्रभावित करती हैं या नहीं।