Man
Researchers have found critical vulnerabilities in a number of popular brand models.
Network security experts have discovered critical vulnerabilities in popular models of Netgear WiFi amplifiers that allow attackers to execute malicious commands on vulnerable devices.
Bugs with the identifiers CVE-2024-35518 and CVE-2024-35519 affect Netgear EX6120, EX6100, and EX3700 models with outdated firmware versions. The most serious of them, CVE-2024-35518, concerns the Netgear EX6120 model with firmware version 1.0.0.68 and earlier.
This vulnerability allows remote attackers to enter commands via the "wan_dns1_pri" option in the "genie_fix2.cgi" file, which could provide full control over the device.
The second vulnerability, CVE-2024-35519, affects several amplifier models, including EX6120, EX6100, and EX3700. The bug allows you to inject commands through the "ap_mode" parameter in the "operating_mode.cgi" file.
Both vulnerabilities received a high CVSS score of 8.4. They require close proximity to the network and high privileges to operate, but they don't need user interaction.
Netgear has confirmed the existence of these vulnerabilities and has released firmware updates to address them. For the EX6120 model, fixes are included in firmware version 1.0.0.98 for CVE-2024-35518 and version 1.0.0.70 for CVE-2024-35519.
The company has published detailed guidelines (1,2) and urged users to update the firmware on their devices immediately to protect against possible threats. You can check for updates through the Netgear support site or the device management interface.
Keeping your firmware up to date is key to protecting against new threats and securing your network. The identified cases highlight the need for a prompt response to detected vulnerabilities and keeping devices up to date to prevent possible attacks.
Source
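An added example, not part of the original post or of Netgear's guidance: a small inventory check that flags devices running firmware older than the fixed releases named above. The inventory entries, the firmware string format (`V1.0.0.68_1.0.1`) and the status labels are assumptions; fixed versions for the EX6100 and EX3700 are not given in the post, so those models are reported as needing a look at the advisory.

```python
import re

# Fixed-in versions as stated in the post; None = not stated there.
FIXED_IN = {
    "EX6120": {"CVE-2024-35518": "1.0.0.98", "CVE-2024-35519": "1.0.0.70"},
    "EX6100": {"CVE-2024-35519": None},
    "EX3700": {"CVE-2024-35519": None},
}

def parse_version(text):
    """Turn '1.0.0.68' or 'V1.0.0.68_1.0.1' (assumed format) into a tuple of ints."""
    m = re.match(r"[Vv]?(\d+(?:\.\d+)+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def audit(model, firmware):
    """Return {cve: 'patched' | 'update-needed' | 'check-advisory'} for one device."""
    fixes = FIXED_IN.get(model.upper())
    if fixes is None:          # model not mentioned in the post
        return {}
    installed = parse_version(firmware)
    status = {}
    for cve, fixed in fixes.items():
        if fixed is None:
            status[cve] = "check-advisory"
        elif installed >= parse_version(fixed):
            status[cve] = "patched"
        else:
            status[cve] = "update-needed"
    return status

def needs_action(inventory):
    """Filter an inventory down to devices with at least one non-patched CVE."""
    flagged = {}
    for host, model, firmware in inventory:
        open_items = {c: s for c, s in audit(model, firmware).items() if s != "patched"}
        if open_items:
            flagged[host] = open_items
    return flagged

# Constructed sample inventory: (hostname, model, firmware string).
SAMPLE = [
    ("ext-lobby", "EX6120", "V1.0.0.68_1.0.1"),
    ("ext-lab", "EX6120", "1.0.0.70"),
    ("ext-office", "EX6120", "1.0.0.98"),
    ("ext-garage", "EX3700", "1.0.0.90"),
]

if __name__ == "__main__":
    for host, items in needs_action(SAMPLE).items():
        print(host, items)
```

A device on 1.0.0.70 still shows CVE-2024-35518 as open, because the post places that fix in 1.0.0.98.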