CVE-2024-12847

high-risk

Published 2025-01-10

NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been observed to be exploited in the wild since at least 2017 and specifically by the Shadowserver Foundation on 2025-02-06 UTC.

Do I need to act?

71.3% chance of exploitation in next 30 days

EPSS score — higher than 29% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (1)

Dgn1000 Firmware

Affected Vendors

Netgear

References (4)

Mailing List https://seclists.org/bugtraq/2013/Jun/8

Vendor Advisory https://vulncheck.com/advisories/netgear-dgn

Exploit https://www.exploit-db.com/exploits/25978

Exploit https://www.exploit-db.com/exploits/43055

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 19/34 · Moderate

Exposure 5/34 · Minimal