CVE-2024-57046

HIGH 8.8 (CVSS 3.1)
2025-02-18

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 28, 2026 - 18:27 (vuln.today)
PoC Detected: Jul 07, 2025 - 18:11 (vuln.today), public exploit code
CVE Published: Feb 18, 2025 - 15:15 (nvd), HIGH 8.8

Description

A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass the authentication. When adding "?x=1.gif" to the requested URL, it will be recognized as passing the authentication.

Analysis

Netgear DGN2200 router firmware v1.0.0.46 and earlier contains an authentication bypass. By appending ?x=1.gif to any URL, the router's authentication check is fooled into treating the request as an image file, granting unauthenticated access to all management functions including configuration and firmware management.

Technical Context

The DGN2200's HTTP server uses a simplistic authentication check that exempts requests for image files. By appending ?x=1.gif to any management URL, the request is classified as an image access and bypasses the authentication requirement entirely. This grants access to the full management interface including password changes, firmware updates, and network configuration.
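A detection sketch for the request pattern described above, added here as an example and not taken from Netgear, NVD or vuln.today. It assumes Common Log Format access lines captured by a proxy or sensor in front of the management interface; the page names, the function names and every extension other than `.gif` are hypothetical, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit

# ".gif" comes from the advisory; the other extensions are an assumption.
IMAGE_EXTS = (".gif", ".jpg", ".jpeg", ".png", ".ico", ".bmp")

# Assumed log shape: Common Log Format. Only the request line and status are used.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def is_image_suffix_mismatch(target: str) -> bool:
    """True when the query string ends in an image extension but the path does not."""
    parts = urlsplit(target)
    path, query = parts.path.lower(), parts.query.lower()
    if not query:
        return False
    return query.endswith(IMAGE_EXTS) and not path.endswith(IMAGE_EXTS)


def flag_suspicious(lines):
    """Return (client, target, status) for each log line that matches the pattern."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and is_image_suffix_mismatch(m.group("target")):
            client = line.split(" ", 1)[0]
            hits.append((client, m.group("target"), int(m.group("status"))))
    return hits


# Constructed sample lines: documentation IP range, hypothetical page names.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2025:10:00:01 +0000] "GET /images/logo.gif HTTP/1.1" 200 512',
    '192.0.2.10 - admin [01/Mar/2025:10:00:05 +0000] "GET /example_settings.htm HTTP/1.1" 200 4096',
    '192.0.2.77 - - [01/Mar/2025:10:02:13 +0000] "GET /example_settings.htm?x=1.gif HTTP/1.1" 200 4096',
    '192.0.2.77 - - [01/Mar/2025:10:02:20 +0000] "POST /example_apply.cgi?x=1.GIF HTTP/1.1" 200 128',
    '192.0.2.10 - - [01/Mar/2025:10:03:00 +0000] "GET /images/logo.gif?v=2 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for client, target, status in flag_suspicious(SAMPLE_LOG):
        print(f"{client} requested {target} (status {status})")
```

A hit that returned a success status with no authenticated user in the log line is the case to triage first.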

Affected Products

Netgear DGN2200 firmware <= v1.0.0.46

Remediation

Update firmware to a version beyond v1.0.0.46. Replace end-of-life routers. Disable remote management. Monitor network DNS settings for unauthorized changes.

Priority Score

126

KEV: 0
EPSS: +62.4
CVSS: +44
POC: +20
