Details of VAR-202502-2375

ID

VAR-202502-2375

CVE

CVE-2024-57046

TITLE

of netgear DGN2200 Authentication vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-008184

DESCRIPTION

A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass the authentication. When adding "?x=1.gif" to the the requested url, it will be recognized as passing the authentication. of netgear DGN2200 An authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR DGN2200 is a wireless router from NETGEAR. NETGEAR DGN2200 has a permission issue vulnerability

Trust: 2.16

sources: NVD: CVE-2024-57046 // JVNDB: JVNDB-2025-008184 // CNVD: CNVD-2025-10685

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-10685

AFFECTED PRODUCTS

vendor:	netgear	model:	dgn2200	scope:	lte	version:	1.0.0.46	Trust: 1.0
vendor:	ネットギア	model:	dgn2200	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	dgn2200	scope:	eq	version:	-	Trust: 0.8
vendor:	ネットギア	model:	dgn2200	scope:	lte	version:	dgn2200 firmware 1.0.0.46 and earlier	Trust: 0.8
vendor:	netgear	model:	dgn2200	scope:	lte	version:	<=1.0.0.46	Trust: 0.6

sources: CNVD: CNVD-2025-10685 // JVNDB: JVNDB-2025-008184 // NVD: CVE-2024-57046

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-57046
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-008184
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-10685
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-10685
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-57046
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-008184
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-10685 // JVNDB: JVNDB-2025-008184 // NVD: CVE-2024-57046

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.0
problemtype:	Inappropriate authentication (CWE-287) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-008184 // NVD: CVE-2024-57046

EXTERNAL IDS

db:	NVD	id:	CVE-2024-57046	Trust: 3.2
db:	JVNDB	id:	JVNDB-2025-008184	Trust: 0.8
db:	CNVD	id:	CNVD-2025-10685	Trust: 0.6

sources: CNVD: CNVD-2025-10685 // JVNDB: JVNDB-2025-008184 // NVD: CVE-2024-57046

REFERENCES

url:	https://github.com/shuanunio/cve_requests/blob/main/netgear/dgn2200/acl%20bypass%20vulnerability%20in%20netgear%20dgn2200.md	Trust: 1.8
url:	https://www.netgear.com/about/security/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-57046	Trust: 0.8
url:	https://www.netgear.com/about/security/https	Trust: 0.6

sources: CNVD: CNVD-2025-10685 // JVNDB: JVNDB-2025-008184 // NVD: CVE-2024-57046

SOURCES

db:	CNVD	id:	CNVD-2025-10685
db:	JVNDB	id:	JVNDB-2025-008184
db:	NVD	id:	CVE-2024-57046

LAST UPDATE DATE

2025-07-09T23:22:11.602000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-10685	date:	2025-05-27T00:00:00
db:	JVNDB	id:	JVNDB-2025-008184	date:	2025-07-08T07:17:00
db:	NVD	id:	CVE-2024-57046	date:	2025-07-07T18:11:18.437

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-10685	date:	2025-05-27T00:00:00
db:	JVNDB	id:	JVNDB-2025-008184	date:	2025-07-08T00:00:00
db:	NVD	id:	CVE-2024-57046	date:	2025-02-18T15:15:16.783