Netgear WiFi Repeater Users? Hackers Deliver Bad News

Researchers have discovered critical vulnerabilities in popular Netgear WiFi models, allowing attackers to execute malicious commands on vulnerable devices.

The flaws, tracked as CVE-2024-35518 and CVE-2024-35519, affect the Netgear EX6120, EX6100, and EX3700 models running outdated firmware. The more severe of the two, CVE-2024-35518, affects the Netgear EX6120 with firmware version 1.0.0.68 and earlier.

This vulnerability allows remote attackers to inject commands through the “WAN_DNS1_PRI” parameter in the “Genie_fix2.cgi” file, granting them full control over the device.

The second vulnerability, CVE-2024-35519, affects multiple range extender models, including the EX6120, EX6100, and EX3700. This flaw enables attackers to inject commands through the “AP_Mode” parameter in the “Operating_Mode.cgi” file.

Both vulnerabilities have received a high CVSS score of 8.4. While their exploitation requires proximity to the network and elevated privileges, no user interaction is necessary.

Netgear has acknowledged these vulnerabilities and released firmware updates to address them. The EX6120 model’s corrections are included in firmware versions 1.0.0.98 for CVE-2024-35518 and 1.0.0.70 for CVE-2024-35519.

The company has issued detailed recommendations and advised users to promptly update their device firmware to guard against potential threats. Users can check for available updates through the Netgear support site or the device's administration interface.
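For anyone managing more than one of these extenders, the following added example (not Netgear code and not part of the original report) checks an inventory against the fixed firmware versions named above. The inventory entries, status labels and the optional "V" prefix on version strings are assumptions made for illustration; the article gives no fixed version for the EX6100 or EX3700, so those are reported as needing a look at the vendor advisory.

```python
"""Triage an extender inventory against the firmware versions named in the article."""

# CVE -> {model: first fixed firmware}. None means the article names the model
# as affected but does not state a fixed version for it.
ADVISORIES = {
    "CVE-2024-35518": {"EX6120": "1.0.0.98"},
    "CVE-2024-35519": {"EX6120": "1.0.0.70", "EX6100": None, "EX3700": None},
}

def parse_version(text):
    """Turn '1.0.0.68' (optionally prefixed with 'V') into a tuple of ints."""
    parts = text.strip().lstrip("Vv").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts)

def triage(model, firmware):
    """Return {cve: status} for every advisory that names this model."""
    model = model.strip().upper()
    installed = parse_version(firmware)
    result = {}
    for cve, fixed_by_model in ADVISORIES.items():
        if model not in fixed_by_model:
            continue  # advisory does not list this model
        fixed = fixed_by_model[model]
        if fixed is None:
            result[cve] = "check-advisory"  # hypothetical status label
        elif installed >= parse_version(fixed):
            # Numeric comparison: 1.0.0.100 is newer than 1.0.0.98.
            result[cve] = "fixed"
        else:
            result[cve] = "update-required"
    return result

# Constructed sample inventory: (hostname, model, firmware as shown in the admin UI).
INVENTORY = [
    ("ext-lobby", "EX6120", "V1.0.0.68"),
    ("ext-lab", "EX6120", "1.0.0.70"),
    ("ext-office", "EX6120", "1.0.0.100"),
    ("ext-warehouse", "EX3700", "1.0.0.90"),
]

if __name__ == "__main__":
    for host, model, firmware in INVENTORY:
        for cve, status in triage(model, firmware).items():
            print(f"{host:14} {model:7} {firmware:10} {cve}  {status}")
```
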

Timely firmware updates play a crucial role in shielding against emerging threats and ensuring network security. The identified vulnerabilities underscore the importance of responding swiftly to detected flaws and keeping devices up to date to prevent possible attacks.
