Platform
netgear
Component
netgear
Fixed version
1.1.00.48
CVE-2024-12847 describes a critical Command Injection vulnerability affecting NETGEAR DGN1000 routers running versions prior to 1.1.00.48. This flaw allows a remote, unauthenticated attacker to execute arbitrary operating system commands with root privileges. The vulnerability has been observed in the wild since at least 2017, with recent activity reported by the Shadowserver Foundation on 2025-02-06 UTC, and a fix is available in version 1.1.00.48.
The impact of this vulnerability is severe. Successful exploitation allows an attacker to gain complete control over the affected NETGEAR DGN1000 router. This includes the ability to modify router configurations, intercept network traffic, install malware, and potentially pivot to other devices on the network. Given the router's position as a gateway, a compromised device can serve as a launchpad for broader network attacks. The observed exploitation by Shadowserver Foundation highlights the real-world risk and potential for widespread compromise, especially in environments with unpatched devices.
This vulnerability has been actively exploited in the wild since at least 2017, as confirmed by the Shadowserver Foundation's observations on 2025-02-06 UTC. The ease of exploitation, combined with the router's critical role in network security, makes this a high-priority threat. While no specific KEV listing or EPSS score is currently available, the observed exploitation pattern warrants immediate attention. Public proof-of-concept exploits are likely to emerge given the vulnerability's nature and historical exploitation.
Small and medium-sized businesses (SMBs) relying on NETGEAR DGN1000 routers for internet connectivity are particularly at risk. Home users with unmanaged or poorly secured networks are also vulnerable. Shared hosting environments utilizing NETGEAR DGN1000 routers as gateway devices pose a significant risk due to the potential for lateral movement between hosted accounts.
• linux / server:
journalctl -u nginx -f | grep setup.cgi
• linux / server:
ps aux | grep setup.cgi
• linux / server:
find / -name setup.cgi -print 2>/dev/null
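Exploitation status
EPSS
71.26% (99th percentile)
CISA SSVC
CVSS vector
Exploitation detected
NextGuard has recorded indicators of active exploitation in public threat-intelligence feeds.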
The primary mitigation for CVE-2024-12847 is to immediately upgrade affected NETGEAR DGN1000 routers to firmware version 1.1.00.48 or later. If upgrading is not immediately feasible due to compatibility issues or downtime concerns, consider implementing temporary workarounds. While no direct WAF rules can prevent the underlying vulnerability, restricting access to the setup.cgi endpoint from untrusted networks can reduce the attack surface. Regularly monitor router logs for suspicious activity, particularly HTTP requests targeting setup.cgi. After upgrading, verify the fix by attempting to execute a simple command through the setup.cgi endpoint; the command should be rejected.
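The log monitoring described above can be scripted. The following is an added example, not code from NETGEAR or from this advisory: it assumes requests to the router are recorded in Common Log Format by a proxy or sensor in front of it, that 192.168.0.0/24 is the only trusted management network, and it uses constructed log lines with hypothetical parameter names.

```python
import ipaddress
import re
from urllib.parse import urlsplit, unquote_plus

# Assumption: networks allowed to reach the router's web management interface.
TRUSTED_NETS = [ipaddress.ip_network("192.168.0.0/24")]

# Common Log Format: client address, request line, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

# Characters the shell interprets; unexpected in a decoded CGI parameter value.
SHELL_META = re.compile(r"[;|&`$<>\r\n]")


def classify(line):
    """Return None for unrelated lines, else a finding for a setup.cgi request."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, method, target, status = m.groups()
    parts = urlsplit(target)
    if parts.path.rsplit("/", 1)[-1].lower() != "setup.cgi":
        return None
    try:
        trusted = any(ipaddress.ip_address(client) in n for n in TRUSTED_NETS)
    except ValueError:  # hostname or garbage in the client field
        trusted = False
    reasons = [] if trusted else ["untrusted-source"]
    # Decode each value separately so an encoded metacharacter (%3B, %7C) is seen.
    for pair in filter(None, parts.query.split("&")):
        name, _, value = pair.partition("=")
        if SHELL_META.search(unquote_plus(value)):
            reasons.append("shell-metachar:" + unquote_plus(name))
    return {"client": client, "method": method, "status": int(status),
            "reasons": reasons}


def scan(lines):
    """Return the setup.cgi findings that carry at least one reason to investigate."""
    return [f for f in map(classify, lines) if f and f["reasons"]]


# Constructed sample lines (documentation addresses, hypothetical parameters).
SAMPLE_LOG = [
    '192.168.0.10 - - [06/Feb/2025:10:00:01 +0000] "GET /setup.cgi?page=status HTTP/1.1" 200 512',
    '203.0.113.7 - - [06/Feb/2025:10:00:05 +0000] "GET /setup.cgi?page=status HTTP/1.1" 200 512',
    '198.51.100.23 - - [06/Feb/2025:10:00:09 +0000] "GET /setup.cgi?page=status&opt=a%3Bid HTTP/1.1" 200 0',
    '203.0.113.7 - - [06/Feb/2025:10:00:12 +0000] "GET /index.htm HTTP/1.1" 200 1024',
]
```

Any finding with an untrusted source means the access restriction on setup.cgi is not in effect for that path and should be reviewed alongside the firmware version.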
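Update your NETGEAR DGN1000 device firmware to 1.1.00.48 or later to mitigate the OS command injection vulnerability. Check the NETGEAR support site or the device's management interface for available updates. Apply security updates as soon as they become available.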
CVE-2024-12847 is a critical vulnerability allowing remote attackers to execute commands on NETGEAR DGN1000 routers. It affects versions 0–1.1.00.48 and has been exploited since 2017.
You are affected if your NETGEAR DGN1000 router is running version 0–1.1.00.48. Check your router's firmware version and upgrade immediately if necessary.
Upgrade your NETGEAR DGN1000 router to firmware version 1.1.00.48 or later. If upgrading is not possible, restrict access to the setup.cgi endpoint.
Yes, this vulnerability has been observed in the wild since at least 2017, with recent activity reported in February 2025.
Refer to the NETGEAR security advisory published on 2025-01-10 for detailed information and instructions.