DGN1000 Firmware CVE-2024-12847

CRITICAL · 9.8 (CVSS 3.1 · NVD)
OS Command Injection (CWE-78)
2025-01-10 · disclosure@vulncheck.com

Severity by source

NVD (primary): 9.8 CRITICAL, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 28, 2026 - 18:02 (vuln.today)
PoC Detected: Dec 19, 2025 - 20:15 (vuln.today), public exploit code
CVE Published: Jan 10, 2025 - 20:15 (nvd), CRITICAL 9.8

Description (CVE.org)

NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been observed to be exploited in the wild since at least 2017 and specifically by the Shadowserver Foundation on 2025-02-06 UTC.

Analysis (AI)

NETGEAR DGN1000 routers with firmware before 1.1.00.48 contain an unauthenticated remote command execution vulnerability via the setup.cgi endpoint. The vulnerability has been exploited in the wild since at least 2017, notably by the Mirai-derived Reaper/IoTroop botnet for large-scale DDoS operations.

Technical Context (AI)

The setup.cgi endpoint on NETGEAR DGN1000 routers processes user input without authentication or sanitization, passing it directly to shell commands executed as root. The vulnerability is trivially exploitable via crafted HTTP requests. It has been weaponized in multiple botnet frameworks including Reaper/IoTroop and Mirai variants.

Remediation (AI)

Update firmware to 1.1.00.48 or later. If the router is end-of-life, replace it immediately. Disable remote management access. Monitor network traffic for C2 communications from router IP addresses.
