CVE-2024-35520 | Netgear R7000 1.0.11.136 RMT_invite.cgi device_name2 command injection (PSV-2023-0154)

Posted by Angelo Barbosa | Oct 15, 2024 | CVE

A vulnerability, which was classified as critical, has been found in Netgear R7000 1.0.11.136. Affected by this issue is some unknown functionality of the file RMT_invite.cgi. The manipulation of the argument device_name2 leads to command injection.

This vulnerability is handled as CVE-2024-35520. Access to the local network is required for this attack. There is no exploit available.

CVE-2024-35520 | Netgear R7000 1.0.11.136 RMT_invite.cgi device_name2 command injection (PSV-2023-0154)

Related Posts

CVE-2023-52425 | libexpat up to 2.5.0 Parser resource consumption

CVE-2024-25214 | Employee Managment System 1.0 /alogin.html Password improper authentication

CVE-2024-36120 | ben-sb javascript-deobfuscator up to 1.0.x code injection

CVE-2023-40464 | Sierra Wireless ALEOS up to 4.9.8/4.16 hard-coded key (swi-psa-2023-006)