CVE-2024-35519

Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:netgear:ex3700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex3700:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:netgear:ex6100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex6100:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:netgear:ex6120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex6120:-:*:*:*:*:*:*:*

History

16 Oct 2024, 17:17

Type Values Removed Values Added
CPE cpe:2.3:o:netgear:ex6100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex3700:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex6120:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex6100:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:ex6120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:ex3700_firmware:*:*:*:*:*:*:*:*
References () https://github.com/consrc/cves/blob/main/CVE-2024-35519.md - () https://github.com/consrc/cves/blob/main/CVE-2024-35519.md - Third Party Advisory
CWE CWE-77
CVSS v2 : unknown
v3 : 8.4
v2 : unknown
v3 : 6.8
First Time Netgear ex6120
Netgear ex3700 Firmware
Netgear ex3700
Netgear ex6100 Firmware
Netgear
Netgear ex6120 Firmware
Netgear ex6100

15 Oct 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28 y Netgear EX3700 v1.0.0.96 son vulnerables a la inyección de comandos en operating_mode.cgi a través del parámetro ap_mode.

14 Oct 2024, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-14 22:15

Updated : 2024-10-16 17:17


NVD link : CVE-2024-35519

Mitre link : CVE-2024-35519

CVE.ORG link : CVE-2024-35519


JSON object : View

Products Affected

netgear

  • ex3700
  • ex6120
  • ex6100
  • ex3700_firmware
  • ex6120_firmware
  • ex6100_firmware
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')