CVE-2024-35517

Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:netgear:xr1000_firmware:1.0.0.64:*:*:*:*:*:*:*
cpe:2.3:h:netgear:xr1000:-:*:*:*:*:*:*:*

History

13 Mar 2025, 17:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.2
v2 : unknown
v3 : 8.4

08 Nov 2024, 21:24

Type Values Removed Values Added
CWE CWE-77
CPE cpe:2.3:o:netgear:xr1000_firmware:1.0.0.64:*:*:*:*:*:*:*
cpe:2.3:h:netgear:xr1000:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 8.4
v2 : unknown
v3 : 7.2
References () https://github.com/consrc/cves/blob/main/CVE-2024-35517.md - () https://github.com/consrc/cves/blob/main/CVE-2024-35517.md - Third Party Advisory
First Time Netgear
Netgear xr1000 Firmware
Netgear xr1000

15 Oct 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) Netgear XR1000 v1.0.0.64 es vulnerable a la inyección de comandos en usb_remote_smb_conf.cgi a través del parámetro share_name.

11 Oct 2024, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-11 22:15

Updated : 2025-03-13 17:15


NVD link : CVE-2024-35517

Mitre link : CVE-2024-35517

CVE.ORG link : CVE-2024-35517


JSON object : View

Products Affected

netgear

  • xr1000_firmware
  • xr1000
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')