プラットフォーム
netgear
コンポーネント
netgear
修正版
1.1.00.48
CVE-2024-12847 describes a critical Command Injection vulnerability affecting NETGEAR DGN1000 routers running versions prior to 1.1.00.48. This flaw allows a remote, unauthenticated attacker to execute arbitrary operating system commands with root privileges. The vulnerability has been observed in the wild since at least 2017, with recent activity reported by the Shadowserver Foundation on 2025-02-06 UTC, and a fix is available in version 1.1.00.48.
The impact of this vulnerability is severe. Successful exploitation allows an attacker to gain complete control over the affected NETGEAR DGN1000 router. This includes the ability to modify router configurations, intercept network traffic, install malware, and potentially pivot to other devices on the network. Given the router's position as a gateway, a compromised device can serve as a launchpad for broader network attacks. The observed exploitation by Shadowserver Foundation highlights the real-world risk and potential for widespread compromise, especially in environments with unpatched devices.
This vulnerability has been actively exploited in the wild since at least 2017, as confirmed by the Shadowserver Foundation's observations on 2025-02-06 UTC. The ease of exploitation, combined with the router's critical role in network security, makes this a high-priority threat. While no specific KEV listing or EPSS score is currently available, the observed exploitation pattern warrants immediate attention. Public proof-of-concept exploits are likely to emerge given the vulnerability's nature and historical exploitation.
Small and medium-sized businesses (SMBs) relying on NETGEAR DGN1000 routers for internet connectivity are particularly at risk. Home users with unmanaged or poorly secured networks are also vulnerable. Shared hosting environments utilizing NETGEAR DGN1000 routers as gateway devices pose a significant risk due to the potential for lateral movement between hosted accounts.
• linux / server:
journalctl -u nginx -f | grep setup.cgi• linux / server:
ps aux | grep setup.cgi• linux / server:
find / -name setup.cgi -print 2>/dev/nulldisclosure
exploit
エクスプロイト状況
EPSS
71.26% (99% パーセンタイル)
CISA SSVC
CVSS ベクトル
悪用を検出
NextGuard は公開脅威情報フィードで積極的悪用の兆候を記録しました。
The primary mitigation for CVE-2024-12847 is to immediately upgrade affected NETGEAR DGN1000 routers to firmware version 1.1.00.48 or later. If upgrading is not immediately feasible due to compatibility issues or downtime concerns, consider implementing temporary workarounds. While no direct WAF rules can prevent the underlying vulnerability, restricting access to the setup.cgi endpoint from untrusted networks can reduce the attack surface. Regularly monitor router logs for suspicious activity, particularly HTTP requests targeting setup.cgi. After upgrading, verify the fix by attempting to execute a simple command through the setup.cgi endpoint; the command should be rejected.
NETGEAR DGN1000 デバイスのファームウェアをバージョン 1.1.00.48 以降にアップデートすることで、オペレーティングシステムコマンドインジェクションの脆弱性を軽減してください。 NETGEAR のサポートウェブサイトまたはデバイスの管理インターフェースを通じてアップデートの可用性を確認してください。 セキュリティアップデートは利用可能になり次第適用してください。
脆弱性分析と重要アラートをメールでお届けします。
CVE-2024-12847 is a critical vulnerability allowing remote attackers to execute commands on NETGEAR DGN1000 routers. It affects versions 0–1.1.00.48 and has been exploited since 2017.
You are affected if your NETGEAR DGN1000 router is running version 0–1.1.00.48. Check your router's firmware version and upgrade immediately if necessary.
Upgrade your NETGEAR DGN1000 router to firmware version 1.1.00.48 or later. If upgrading is not possible, restrict access to the setup.cgi endpoint.
Yes, this vulnerability has been observed in the wild since at least 2017, with recent activity reported in February 2025.
Refer to the NETGEAR security advisory published on 2025-01-10 for detailed information and instructions.
依存関係ファイルをアップロードすれば、このCVEや他のCVEがあなたに影響するか即座にわかります。