A severe security vulnerability has been discovered in several Netgear routers, allowing remote attackers to gain unauthorized access and control over the devices. The vulnerability, identified as CVE-2024-12847 (CVSS 9.8), has been exploited in the wild since at least 2017.
The vulnerability targets the embedded web server of the following NETGEAR devices:
- NETGEAR DGN1000: Firmware versions below 1.1.00.48
- NETGEAR DGN2200 v1: All firmware versions (no longer supported)
Other NETGEAR devices and firmware versions may also be vulnerable, though comprehensive testing has not been conducted.
At its core, CVE-2024-12847 arises from improper authentication checks in the device’s web server. Specifically, URLs containing the “currentsetting.htm” substring bypass authentication, enabling attackers to interact with the router’s backend services without credentials.
One of the key exploitation vectors involves abusing the setup.cgi endpoint. For example:
- To read sensitive files, such as /www/.htpasswd (containing the admin user’s clear-text password), an attacker could craft a URL like:
http://<target-ip-address>/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cat+/www/.htpasswd&curpath=/&currentsetting.htm=1
- The syscmd function of the setup.cgi script executes arbitrary commands provided by the attacker. The example above executes the cat command to read sensitive data, with the output displayed in the browser.
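For defenders, the request shape described above can be searched for in HTTP logs. The following is an added example, not code from the original article or from NETGEAR. It assumes that requests to the router's web interface are recorded in Common Log Format by a proxy or network sensor, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

MARKER = "currentsetting.htm"  # substring the article says bypasses authentication
REQ = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample lines in Common Log Format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2025:10:00:01 +0000] "GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cat+/www/.htpasswd&curpath=/&currentsetting.htm=1 HTTP/1.1" 200 64
192.168.0.10 - - [10/Jan/2025:10:00:05 +0000] "GET /currentsetting.htm HTTP/1.1" 200 210
192.168.0.10 - - [10/Jan/2025:10:00:09 +0000] "GET /setup.cgi?next_file=basic.htm HTTP/1.1" 401 0
198.51.100.9 - - [10/Jan/2025:10:00:12 +0000] "GET /setup.cgi?next_file=basic.htm&currentsetting.htm=1 HTTP/1.1" 200 512
"""

def classify(target):
    """Return (verdict, cmd) for a request target, or None if it looks benign."""
    parts = urlsplit(target)
    path = unquote(parts.path).lower()
    if MARKER not in unquote(target).lower():
        return None
    # A plain request for the page itself, with no query string, is normal behaviour.
    if path == "/" + MARKER and not parts.query:
        return None
    query = parse_qs(parts.query, keep_blank_values=True)
    todo = [v.lower() for v in query.get("todo", [])]
    # setup.cgi with todo=syscmd is the command-execution path the article describes.
    if path.endswith("/setup.cgi") and "syscmd" in todo:
        return ("command-exec", query.get("cmd", [None])[0])
    # Marker attached to some other request: authentication bypass attempt.
    return ("auth-bypass-marker", None)

def scan(log_text):
    """Return (client_ip, status, verdict, cmd) for every suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = REQ.match(line)
        if not m:
            continue
        result = classify(m.group("target"))
        if result:
            hits.append((m.group("ip"), int(m.group("status")), *result))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit whose status is 200 on a path that normally demands credentials means the device answered without authentication and should be treated as compromised.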
A Metasploit module for CVE-2024-12847 has been released, further lowering the technical barrier for exploitation.
Netgear has released firmware version 1.1.00.48 for the DGN1000 router, which addresses this vulnerability. Users of affected routers are strongly advised to update their firmware to the latest version as soon as possible.
For DGN2200 v1 routers, Netgear has discontinued support and no update is available. Users of these routers are advised to replace them with newer models.