CVE-2024-50999

CVSS 3.1 Score 5.7 of 10 (medium)

Details

Published Nov 5, 2024

CWE ID 120

Summary

CVE-2024-50999 is a command injection vulnerability affecting Netgear R8500 v1.0.2.160. The sysNewPasswd parameter in password.cgi was identified as the source of the issue. Attackers can exploit this flaw to execute arbitrary OS commands by crafting malicious requests. This vulnerability poses a significant risk, as it allows unauthorized access and control over the device. Users are advised to update their Netgear R8500 routers to the latest firmware version to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

R8 500

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/z7R7F_
https://www.cve.org/CVERecord?id=CVE-2024-50999
https://nvd.nist.gov/vuln/detail/CVE-2024-50999

Back to Vulnerability Database

CVE-2024-50999

CVSS 3.1 Score 5.7 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations