CVE-2024-35522
Description
Netgear EX3700 - AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1 and ap_24g_manual_sec set to NotNone.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authenticated command injection in Netgear EX3700 AC750 WiFi Range Extender operating_mode.cgi allows attackers with admin privileges to execute arbitrary commands as root, fixed in firmware 1.0.0.98.
Vulnerability
A command injection vulnerability exists in the operating_mode.cgi CGI script of Netgear EX3700 AC750 WiFi Range Extender Essentials Edition firmware versions prior to 1.0.0.98. The vulnerability occurs when the ap_mode parameter is supplied with ap_24g_manual set to 1 and ap_24g_manual_sec set to NotNone [1].
Exploitation
Exploitation requires authenticated access to the administrative web interface with privileges sufficient to access the operating_mode.cgi endpoint. An attacker can craft a malicious request with the specific parameter values to inject commands [1].
Impact
Successful exploitation allows an attacker to execute arbitrary commands as root on the device, leading to full compromise of the range extender's confidentiality, integrity, and availability. The CVSS score is 8.4 (High) [1].
Mitigation
The vulnerability is fixed in firmware version 1.0.0.98. Users should update their devices to the latest firmware via the Netgear support page. No workaround is available [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- Netgear/EX3700 - AC750 WiFi Range Extender Essentials Edition (source: description)
Patches (0)
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (1)
News mentions (0)
No linked articles in our index yet.