Cyber Resilience

CVE-2024-35517

High

Published: 11 October 2024
Modified: 13 March 2025
KEV Added: not listed
Patch: none recorded
CVSS Score v3.1: 8.4 (CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.1090 (93.6th percentile)
Risk Priority: 23 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-35517 is a high-severity command injection (CWE-77) vulnerability in Netgear XR1000 firmware. Its CVSS v3.1 base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). By EPSS exploit likelihood the CVE ranks in the top 6.4% of all CVEs, but it is not currently listed in the CISA KEV catalog.

Deeper analysis

Netgear XR1000 firmware version 1.0.0.64 contains a command-injection vulnerability in the usb_remote_smb_conf.cgi endpoint. The flaw is triggered through the share_name parameter and is classified as CWE-77. The issue received a CVSS 3.1 base score of 8.4, reflecting adjacent-network access, low attack complexity, and a high-privilege (administrative) authentication requirement that nevertheless permits high impacts to confidentiality, integrity, and availability with changed scope.

An attacker who already possesses administrative credentials and can reach the device over an adjacent network can supply a crafted share_name value that results in arbitrary command execution on the router. Successful exploitation grants the attacker the ability to read or modify sensitive data, alter device configuration, or disrupt router operation, with effects that may extend beyond the device itself because of the changed scope.

The single public reference is a GitHub repository entry that documents the vulnerability details; no vendor advisory or firmware patch information is supplied in the available data. The associated EPSS score has remained flat at 0.1090 with no material increase after disclosure.


Vulnerability details

Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter.

CWE(s)

CWE-77 Command Injection

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
  Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1210 Exploitation of Remote Services (Lateral Movement)
  Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

T1059.008 Network Device CLI (Execution)
  Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious commands and payloads.
Why these techniques?

The command injection vulnerability in the web CGI script (usb_remote_smb_conf.cgi) allows an authenticated attacker on an adjacent network to exploit a public-facing application on a network device, leading to arbitrary command execution via the device's CLI/shell.

Affected Assets

Vendor: netgear
Product: xr1000 firmware
Version: 1.0.0.64

Mitigating Controls

No mitigating controls have been mapped yet; the per-CVE control annotator has not yet processed this CVE.

References