#38937 of 53,611
7.1 Total CVSS
Vulnerabilities · 1
PT-2024-9998
7.1
2024-11-25
NetGear · Netgear R6900P · CVE-2024-12147
Name of the Vulnerable Software and Affected Versions: Netgear R6900 version 1.0.1.26_1.0.20

Description: A critical vulnerability has been found in the Netgear R6900 router, affecting an unknown functionality of the file `upgrade_check.cgi` in the HTTP Header Handler component. The manipulation of the `Content-Length` argument leads to a buffer overflow. This issue can be exploited remotely, potentially allowing an attacker to execute arbitrary code or cause a denial of service. The vulnerability has been publicly disclosed and may be exploited. It only affects products that are no longer supported by the maintainer.

Recommendations: For Netgear R6900 version 1.0.1.26_1.0.20, as a temporary workaround, consider disabling the `upgrade_check.cgi` file until a patch is available. Restrict access to the HTTP Header Handler component to minimize the risk of exploitation. Avoid using the `Content-Length` argument in the affected HTTP endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.