NETGEAR Router Flaw Exploited in the Wild for Years, PoC Published

Summary: A critical security vulnerability (CVE-2024-12847) has been found in multiple Netgear routers, allowing remote attackers to gain unauthorized access. This flaw, which has been exploited since 2017, affects the embedded web server of several models, including the DGN1000 and DGN2200 v1.

Threat Actor: Remote attackers
Victim: Netgear router users

Key Points:

  • Vulnerability CVE-2024-12847 has a CVSS score of 9.8, indicating a severe risk.
  • Attackers can exploit improper authentication checks to access sensitive files.
  • Netgear has released a firmware update for the DGN1000, but support for DGN2200 v1 has been discontinued.
  • A Metasploit module is available, making it easier for attackers to exploit this vulnerability.
  • Users are strongly advised to update their firmware or replace unsupported devices.

Source: https://securityonline.info/cve-2024-12847-cvss-9-8-netgear-router-flaw-exploited-in-the-wild-for-years-poc-published/