CVE-2024-57229 is a command injection vulnerability identified in the NETGEAR RAX5 (AX1600 WiFi Router) firmware version 1.0.2.26. The vulnerability exists in the reset_wifi function, specifically via the devname parameter. Command injection vulnerabilities allow an attacker to execute arbitrary commands on the underlying operating system with the privileges of the affected application. In this case, the devname parameter is not properly sanitized, enabling an attacker to inject malicious commands. The vulnerability has a CVSS 3.1 base score of 6.5, indicating a medium severity level. The vector string (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) shows that the attack can be performed remotely over the network without any privileges or user interaction, and it impacts confidentiality and integrity but not availability. The weakness is classified under CWE-77, which corresponds to Improper Neutralization of Special Elements used in a Command ('Command Injection'). No known exploits are reported in the wild yet, and no patches have been linked or published at this time. The vulnerability could allow an unauthenticated remote attacker to execute arbitrary commands on the router, potentially leading to unauthorized access to network traffic or manipulation of router settings.

For European organizations, this vulnerability poses a significant risk as routers like the NETGEAR RAX5 are commonly deployed in small office/home office (SOHO) environments and potentially in some enterprise edge networks. Exploitation could allow attackers to gain unauthorized access to internal network traffic, intercept sensitive communications, or pivot to other internal systems. The compromise of a router can undermine network confidentiality and integrity, enabling data exfiltration or insertion of malicious payloads into network streams. Although availability is not directly impacted, the loss of confidentiality and integrity can lead to severe operational and reputational damage. Given that the attack requires no authentication or user interaction, the threat surface is broad, especially if the device is exposed to the internet or poorly segmented networks. European organizations relying on this router model should be particularly vigilant, as regulatory frameworks like GDPR impose strict data protection requirements, and a breach could result in significant legal and financial penalties.

Organizations should immediately assess their network environments to identify deployments of the NETGEAR RAX5 router running firmware version 1.0.2.26. Until an official patch is released, it is recommended to restrict remote access to the router’s management interfaces by implementing network segmentation and firewall rules that limit access to trusted IP addresses only. Disabling remote management features and ensuring that the router’s firmware is updated to the latest available version (once a patch is released) is critical. Network administrators should monitor router logs for unusual activity related to the reset_wifi function or unexpected command execution. Employing intrusion detection/prevention systems (IDS/IPS) with signatures tuned to detect command injection attempts targeting this vulnerability can provide additional protection. Finally, organizations should consider replacing vulnerable devices with models that have confirmed security updates if immediate patching is not feasible.