The following key information about the vulnerability can be obtained from this web page screenshot:

1. Vulnerability ID: CVE-2024-35519
2. Description: Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 contain a command injection vulnerability in the ap_mode parameter of operating_mode.cgi.
3. Fix status: Fixed in firmware version 1.0.0.70 (EX6120).
4. CVSS score:
   - CVSS Rating: High
   - CVSS Score: 8.4
   - CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
5. Affected products:
   - Netgear EX6120 - AC1200 Dual Band WiFi Range Extender - 1.0.0.68 (prior versions might be affected)
   - Netgear EX6100 - AC750 Dual Band WiFi Range Extender - 1.0.2.28 (prior versions might be affected)
   - Netgear EX3700 - AC750 WiFi Range Extender Essentials Edition - 1.0.0.96 (prior versions might be affected)
6. Affected components: httpd, operating_mode.cgi, acos_service
7. Attack type: Remote
8. Impact, code execution: true
9. Attack vector: Via the administrative web interface
10. References:
    - Security Advisory for Multiple Vulnerabilities on Some Extenders-PSV-2023-0150-PSV-2023-0151
    - Security Advisory for Post-Authentication Command Injection on Some Extenders-PSV-2023-0153
    - https://link.springer.com/chapter/10.1007/978-3-031-64171-8_21
11. Vendor confirmed or acknowledged the vulnerability: true
12. Discoverers:
    - Communications Security Establishment (CSE)
    - Security Research Centre (SRC) at Concordia University