CRITICAL🇵🇱 Wersja polska

CVE-2024-30568

CVSS 9.8v3.1pub. 2024-04-03upd. 2025-04-04

Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter.

🤖 AI Analysis
How it works

An attacker can inject malicious system commands via the c4-IPAddr parameter, which is not properly validated or filtered by the device software. Based on the parameter name and references pointing to the ping_test function, the vulnerability likely relates to the router's diagnostic functionality. A crafted network request containing a command injection payload can be executed with the privileges of the process handling the given parameter.

Impact

A remote, unauthenticated attacker can execute arbitrary system commands on the device, leading to complete takeover of the router, including violations of confidentiality, integrity, and availability of data and the network.

Mitigation & patch

Patches available from the manufacturer should be applied according to references (https://www.netgear.com/about/security/). Until an update is applied, it is recommended to restrict access to the device's administrative interface only from trusted hosts and to disable remote access to the management panel.

Who is affected

Netgear R6850 with firmware version 1.1.0.88

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Netgear R6850

    HW
    Netgear
    wszystkie wersje
  • Netgear R6850 Firmware

    OS
    Netgear
    1.1.0.88
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-45501CRITICAL9.4ten sam produkt

Certain NETGEAR devices are affected by authentication bypass. This affects AC2400 before 1.1.0.84, AC2600 bef...

CVE-2021-38516CRITICAL10.0ten sam produkt

Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 befor...

CVE-2021-29068CRITICAL9.9ten sam produkt

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 befor...

CVE-2020-35795CRITICAL9.8ten sam produkt

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects AC2100 ...

CVE-2024-30569HIGH7.5ten sam produkt

An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive info...