Details of VAR-202501-1344

ID

VAR-202501-1344

CVE

CVE-2024-12847

TITLE

NETGEAR DGN1000 Command Injection Vulnerability (CNVD-2025-02105)

Trust: 0.6

sources: CNVD: CNVD-2025-02105

DESCRIPTION

NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been exploited in the wild since at least 2017. NETGEAR DGN1000 is a wireless router from NETGEAR, used for home and small office network connections

Trust: 1.44

sources: NVD: CVE-2024-12847 // CNVD: CNVD-2025-02105

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-02105

AFFECTED PRODUCTS

vendor:

netgear

model:

dgn1000

scope:

version:

1.1.00.48

Trust: 0.6

sources: CNVD: CNVD-2025-02105

CVSS

SEVERITY

CVSSV2

CVSSV3

disclosure@vulncheck.com:	CVE-2024-12847
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2025-02105
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-02105
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

disclosure@vulncheck.com:	CVE-2024-12847
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-02105 // NVD: CVE-2024-12847

PROBLEMTYPE DATA

problemtype:

CWE-288

Trust: 1.0

sources: NVD: CVE-2024-12847

PATCH

title:

Patch for NETGEAR DGN1000 Command Injection Vulnerability (CNVD-2025-02105)

url:

https://www.cnvd.org.cn/patchInfo/show/652621

Trust: 0.6

sources: CNVD: CNVD-2025-02105

EXTERNAL IDS

db:	EXPLOIT-DB	id:	43055	Trust: 1.6
db:	EXPLOIT-DB	id:	25978	Trust: 1.6
db:	NVD	id:	CVE-2024-12847	Trust: 1.6
db:	CNVD	id:	CNVD-2025-02105	Trust: 0.6

sources: CNVD: CNVD-2025-02105 // NVD: CVE-2024-12847

REFERENCES

url:	https://seclists.org/bugtraq/2013/jun/8	Trust: 1.6
url:	https://vulncheck.com/advisories/netgear-dgn	Trust: 1.6
url:	https://www.exploit-db.com/exploits/25978	Trust: 1.6
url:	https://www.exploit-db.com/exploits/43055	Trust: 1.6

sources: CNVD: CNVD-2025-02105 // NVD: CVE-2024-12847

SOURCES

db:	CNVD	id:	CNVD-2025-02105
db:	NVD	id:	CVE-2024-12847

LAST UPDATE DATE

2025-02-07T23:21:54.224000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-02105	date:	2025-02-06T00:00:00
db:	NVD	id:	CVE-2024-12847	date:	2025-01-10T20:15:30.150

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-02105	date:	2025-01-21T00:00:00
db:	NVD	id:	CVE-2024-12847	date:	2025-01-10T20:15:30.150