CRITICAL🇵🇱 Wersja polska

CVE-2024-57229

CVSS 9.8v3.1pub. 2025-05-05upd. 2025-05-07

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.

🤖 AI Analysis
How it works

The vulnerability results from insufficient validation of input data passed through the devname parameter to the reset_wifi function. An attacker can inject malicious system commands through this parameter, which will be executed by the device with the privileges of the process handling the request. The attack vector is network-based and requires no privileges or user interaction.

Impact

An attacker can remotely execute arbitrary commands on the device (RCE), which in practice means complete takeover of the router, including the possibility of compromising the confidentiality, integrity, and availability of the device and the entire network it manages.

Mitigation & patch

Apply patches available from the manufacturer according to the references. Until an update is applied, it is recommended to restrict access to the router's management interface only to trusted hosts and to disable remote management from the WAN side.

Who is affected

NETGEAR RAX5 (AX1600 WiFi Router) in firmware version V1.0.2.26

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Netgear Rax50

    HW
    Netgear
    wszystkie wersje
  • Netgear Rax50 Firmware

    OS
    Netgear
    1.0.2.26
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-57232CRITICAL9.8PL ✓ten sam produkt

Command injection w routerze NETGEAR RAX5 via parametr ifname

CVE-2024-57233CRITICAL9.8PL ✓ten sam produkt

Command injection w routerze NETGEAR RAX5 przez parametr iface

CVE-2024-57230CRITICAL9.8PL ✓ten sam produkt

Command injection w routerze NETGEAR RAX5 przez parametr ifname

CVE-2024-57231CRITICAL9.8PL ✓ten sam produkt

Command injection w Netgear RAX5 V1.0.2.26 via parametr ifname

CVE-2024-57234CRITICAL9.8PL ✓ten sam produkt

Command injection w routerze NETGEAR RAX5 via parametr ifname