Unrated severityNVD Advisory· Published Jan 10, 2025· Updated Apr 7, 2026
NETGEAR DGN setup.cgi OS Command Injection
CVE-2024-12847
Description
NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been observed to be exploited in the wild since at least 2017 and specifically by the Shadowserver Foundation on 2025-02-06 UTC.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
4- www.exploit-db.com/exploits/25978mitreexploit
- www.exploit-db.com/exploits/43055mitreexploit
- seclists.org/bugtraq/2013/Jun/8mitrethird-party-advisorytechnical-description
- vulncheck.com/advisories/netgear-dgnmitrethird-party-advisory
News mentions
1- RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning ExploitsTrend Micro Research · Oct 9, 2025