CRITICAL🇵🇱 Wersja polska

CVE-2024-57233

CVSS 9.8v3.1pub. 2025-05-05upd. 2025-05-07

NETGEAR RAX5 (AX1600 WiFi Router) v1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.

🤖 AI Analysis
How it works

The command injection vulnerability (CWE-77) occurs in the vif_disable function, which does not properly validate the value passed through the iface parameter. An attacker can craft a request containing a malicious payload embedded in this parameter. Improperly constructed data is then passed directly to the system command interpreter, resulting in execution of arbitrary code in the context of the device.

Impact

An unauthenticated attacker from the network can gain full control over the device — read confidential configuration data, modify router settings, or use it as an access point for further attacks on the local network.

Mitigation & patch

Apply patches available from the manufacturer according to the references. It is recommended to monitor official NETGEAR firmware updates for the RAX5 model and restrict access to the device management panel exclusively to trusted hosts.

Who is affected

NETGEAR RAX5 (AX1600 WiFi Router) with firmware version v1.0.2.26

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Netgear Rax50

    HW
    Netgear
    wszystkie wersje
  • Netgear Rax50 Firmware

    OS
    Netgear
    1.0.2.26
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-57231CRITICAL9.8PL ✓ten sam produkt

Command injection w Netgear RAX5 V1.0.2.26 via parametr ifname

CVE-2024-57232CRITICAL9.8PL ✓ten sam produkt

Command injection w routerze NETGEAR RAX5 via parametr ifname

CVE-2024-57229CRITICAL9.8PL ✓ten sam produkt

Command injection w routerze NETGEAR RAX5 poprzez parametr devname

CVE-2024-57230CRITICAL9.8PL ✓ten sam produkt

Command injection w routerze NETGEAR RAX5 przez parametr ifname

CVE-2024-57234CRITICAL9.8PL ✓ten sam produkt

Command injection w routerze NETGEAR RAX5 via parametr ifname