Colorlight2019

**Name of the Vulnerable Software and Affected Versions** NETGEAR R7000 version 1.0.11.116 **Description** The issue is a heap-based Buffer Overflow that can be exploited from the local network without authentication. It exists within the handling of an HTTP request, specifically during the upload of a backup.cgi file, where a user-provided length value is trusted. This allows an attacker to execute code as root by adding a before the Content-Length header. **Recommendations** For NETGEAR R7000 version 1.0.11.116, consider disabling the backup.cgi file upload functionality until a patch is available to prevent exploitation of the heap-based Buffer Overflow. Restrict access to the HTTP request handling to minimize the risk of code execution as root. Avoid trusting user-provided length values during file uploads to prevent similar issues. At the moment, there is no information about a newer version that contains a fix for this vulnerability.