R6850 Firmware
CVE-2024-30572
HIGH
Severity by source
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the ntp_server parameter.
AnalysisAI
Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the ntp_server parameter. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the ntp_server parameter. Affected products include: Netgear R6850 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.
More in R6850 Firmware
View allNetgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter. Rated cr
Certain NETGEAR devices are affected by authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is
An information leak in the BRS_top.html component of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive inform
An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information wi
Certain NETGEAR devices are affected by Missing SSL Certificate Validation. Rated medium severity (CVSS 5.9), this vulne
Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated critical severity (CVSS 9.8)
Certain NETGEAR devices are affected by authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is
Certain NETGEAR devices are affected by lack of access control at the function level. Rated critical severity (CVSS 9.8)
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. Rated critical severity (CVSS
Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated critical severity (CVSS 9.4)
An information leak in debuginfo.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. Rated high severity (CVSS 8.8), this
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today