CVE-2024-12847

Published Jan 10, 2025

Last updated 2 months ago

Overview

Description
NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been exploited in the wild since at least 2017.
Source: disclosure@vulncheck.com
NVD status: Received

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

disclosure@vulncheck.com: CWE-288

Social media

Hype score: Not currently trending

  1. #Vulnerability #CVE202412847 CVE-2024-12847 (CVSS 9.8): NETGEAR Router Flaw Exploited in the Wild for Years, PoC Published https://t.co/HgUqOfHaL8

    @Komodosec

    2 Feb 2025

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. #exploit 1. CVE-2024-12847: Exposing an Old Netgear Vulnerability Still Active in 2025 - https://t.co/qRmuxKaxqT 2. RCE in Lightning AI-development platform - https://t.co/dyiZO28pin 3. CVE-2024-41710: Mitel phones Argument Injection - https://t.co/Qv6bpjmKWk 3.… https://t.co

    @ksg93rd

    31 Jan 2025

    189 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Threat Alert: CVE-2024-12847 (CVSS 9.8): NETGEAR Router Flaw Exploited in the Wild for Years, CVE-2024-12847 Severity: 🔴 High Maturity: 💢 Emerging Learn more: https://t.co/XuV5R3W9Ro #CyberSecurity #ThreatIntel #InfoSec

    @fletch_ai

    14 Jan 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. A critical vulnerability (CVE-2024-12847) in Netgear routers has been exploited since 2017, allowing unauthorized access. Update released for DGN1000; DGN2200 v1 no longer supported. ⚠️ #Netgear #RouterFlaw #USA #CybersecurityNews link: https://t.co/u0hUUxnohk https://t.co/RGDGx

    @TweetThreatNews

    13 Jan 2025

    49 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. NETGEAR Router Flaw Exploited (CVE-2024-12847) PoC Published 🧛: Shed some light here, cmon men ExploitDB lho wkwk. https://t.co/7azebwIXTf

    @byt3n33dl3

    13 Jan 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. 🚨Alert🚨 CVE-2024-12847: Authentication Bypass in NETGEAR DGN1000 📊 327K+ Services are found on https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/s24w5PItAc 👇Query HUNTER :/product.name="NETGEAR DGN1000" FOFA : product="NETGEAR-DGN1000" SHODAN : product:"NETGEAR… http

    @HunterMapping

    13 Jan 2025

    1720 Impressions

    6 Retweets

    19 Likes

    6 Bookmarks

    0 Replies

    2 Quotes

  7. NETGEAR Router Flaw Exploited for Years (CVE-2024-12847 ) PoC Published : https://t.co/oXMxqCrsmU

    @binitamshah

    12 Jan 2025

    11376 Impressions

    25 Retweets

    93 Likes

    38 Bookmarks

    2 Replies

    2 Quotes

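  8. A critical vulnerability in NETGEAR routers, CVE-2024-12847, has been disclosed. It has a CVSS score of 9.8 and has been exploited in the wild since at least 2017. It is a command injection in the embedded web server of the DGN1000 and DGN2000 v1. Impact on other models is unconfirmed. A Metasploit module is available. https://t.co/WiVRlizZLy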

    @__kokumoto

    12 Jan 2025

    1962 Impressions

    15 Retweets

    23 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  9. CVE-2024-12847 (CVSS 9.8): NETGEAR Router Flaw Exploited in the Wild for Years now. PoC Published (not from me) Why do I now do a-lot of NetExec stuff . . . (Im scared) ☠️

    @byt3n33dl3

    12 Jan 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. CVE-2024-12847 Authentication Bypass in NETGEAR DGN1000 - Exploited Since 2017 ... https://t.co/UFvushfwaz Customizable Vulnerability Alerts: https://t.co/U7998fz7yk

    @VulmonFeeds

    11 Jan 2025

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. CVE-2024-12847: Proof-of-Concept Exploit Code Released #CVE-2024-12847 #NetGear #PoCExploitCode https://t.co/swkYr00LeM

    @pravin_karthik

    11 Jan 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. CVE-2024-12847 (CVSS 9.8): NETGEAR Router Flaw Exploited in the Wild for Years, PoC Published https://t.co/p5HvfEYG9L

    @Dinosn

    11 Jan 2025

    4670 Impressions

    34 Retweets

    90 Likes

    27 Bookmarks

    0 Replies

    1 Quote

  13. [CVE-2024-12847: CRITICAL] Critical security alert: NETGEAR DGN1000 <1.1.00.48 exposed to authentication bypass flaw! Attackers can execute commands remotely, compromising network security. Update now!#cybersecurity,#vulnerability https://t.co/V7YYV5qQ4i https://t.co/7bJLLg5Xu

    @CveFindCom

    10 Jan 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CVE-2024-12847 NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system… https://t.co/lliFULMNoM

    @CVEnew

    10 Jan 2025

    394 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes