Cyber Posture

CVE-2024-57046

HighPublic PoC

Published: 18 February 2025

Published
18 February 2025
Modified
07 July 2025
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.4671 97.7th percentile
Risk Priority 46 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-57046 is a high-severity Improper Authentication (CWE-287) vulnerability in Netgear Dgn2200 Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 2.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-14 Permitted Actions Without Identification or Authentication good match
prevent

Explicitly defines and limits actions permitted without identification or authentication, directly preventing the router from treating crafted URLs like '?x=1.gif' as authenticated.

AC-3 Access Enforcement good match
prevent

Enforces approved access authorizations, blocking unauthorized access to router administrative functions despite the authentication bypass vulnerability.

SI-2 Flaw Remediation good match
preventrecover

Mandates identification, reporting, and correction of flaws such as this CVE through firmware updates to eliminate the authentication bypass.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

The CVE describes an authentication bypass vulnerability in the Netgear DGN2200 router's web management interface via a URL parameter (?x=1.gif), enabling exploitation of a public-facing application to gain unauthorized administrative access.

NVD Description

A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass the authentication. When adding "?x=1.gif" to the the requested url, it will be recognized as passing the authentication.

Deeper analysisAI

CVE-2024-57046 is an authentication bypass vulnerability (CWE-287) in the Netgear DGN2200 router running firmware version v1.0.0.46 and earlier. The flaw allows unauthorized individuals to circumvent authentication by appending "?x=1.gif" to any requested URL, causing the router to treat the request as authenticated.

Attackers on an adjacent network (AV:A) can exploit this with low complexity (AC:L), no required privileges (PR:N), and no user interaction (UI:N). Successful exploitation provides high-impact access to confidentiality, integrity, and availability (C:H/I:H/A:H), with a CVSS v3.1 base score of 8.8, enabling potential full administrative control of the device.

Advisories and mitigation guidance are detailed in the GitHub security report at https://github.com/Shuanunio/CVE_Requests/blob/main/Netgear/DGN2200/ACL%20bypass%20Vulnerability%20in%20Netgear%20DGN2200.md and on Netgear's security portal at https://www.netgear.com/about/security/.

Details

CWE(s)
CWE-287

Affected Products

netgear
dgn2200 firmware
≤ 1.0.0.46

CVEs Like This One

CVE-2026-0405Same vendor: Netgear
CVE-2026-0407Same vendor: Netgear
CVE-2024-54809Same vendor: Netgear
CVE-2026-0408Same vendor: Netgear
CVE-2024-54805Same vendor: Netgear
CVE-2026-5570Shared CWE-287
CVE-2025-52395Shared CWE-287
CVE-2025-15484Shared CWE-287
CVE-2026-41571Shared CWE-287
CVE-2025-50526Same vendor: Netgear

References