Dgn2200 Firmware
CVE-2024-57046
HIGH
Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass the authentication. When adding "?x=1.gif" to the the requested url, it will be recognized as passing the authentication.
AnalysisAI
Netgear DGN2200 router firmware v1.0.0.46 and earlier contains an authentication bypass. By appending ?x=1.gif to any URL, the router's authentication check is fooled into treating the request as an image file, granting unauthenticated access to all management functions including configuration and firmware management.
Technical ContextAI
The DGN2200's HTTP server uses a simplistic authentication check that exempts requests for image files. By appending ?x=1.gif to any management URL, the request is classified as an image access and bypasses the authentication requirement entirely. This grants access to the full management interface including password changes, firmware updates, and network configuration.
RemediationAI
Update firmware to a version beyond v1.0.0.46. Replace end-of-life routers. Disable remote management. Monitor network DNS settings for unauthorized changes.
More in Dgn2200 Firmware
View allCross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 all
Certain NETGEAR devices are affected by lack of access control at the function level. Rated critical severity (CVSS 9.8)
Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, s
NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication (aka PSV-2020-0363, PSV-2020-0364, and PSV-202
Certain NETGEAR devices are affected by command injection by an authenticated user. Rated medium severity (CVSS 6.8), th
Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exp
Certain NETGEAR devices are affected by authentication bypass. Rated low severity (CVSS 2.7), this vulnerability is remo
Improper input validation in NETGEAR DGN2200v4 (N300 Wireless ADSL2+ Modem Router) allows attackers with direct network
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today