PT-2023-7597 · NetGear · Netgear Orbi Rbr750

Published 2023-11-17 · Updated 2023-12-12 · CVE-2023-49007

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Netgear Orbi RBR750 versions prior to V7.2.6.21

Description: The vulnerability is a stack-based buffer overflow in the /usr/sbin/httpd process. It involves the strlcpy() function, which can overflow a stack buffer when handling the length of the X-Forwarded-For and X-Forwarded-Proto headers. A remote attacker can exploit it to cause a denial of service by sending specially crafted HTTP requests.

Recommendations: For versions prior to V7.2.6.21, update the firmware to V7.2.6.21 or later. If the update cannot be applied immediately, restrict access to the /usr/sbin/httpd process as a temporary workaround, and avoid sending HTTP requests with X-Forwarded-For or X-Forwarded-Proto headers to the affected device until the issue is resolved.
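The advisory does not show the affected httpd code. The following added example (not Netgear's code) illustrates the strlcpy() pitfall that header-length handling commonly falls into and the checked form a defender would want: the local xstrlcpy() helper, the HDR_MAX buffer size and the front-proxy pre-check are assumptions for the illustration.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

#define HDR_MAX 64  /* assumed size of the fixed stack buffer for a header value */

/* Local strlcpy(3) equivalent (assumed helper; glibc only added strlcpy in
 * 2.38). Copies at most dstsize-1 bytes and always NUL-terminates, but its
 * RETURN VALUE is strlen(src), not the number of bytes written: using it as
 * an offset into dst is the classic misuse that writes past the buffer. */
static size_t xstrlcpy(char *dst, size_t dstsize, const char *src)
{
    size_t srclen = strlen(src);
    if (dstsize > 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Checked copy of a header value: 0 on success, -1 when the value would not
 * fit (truncation detected from the return value, never used as an index). */
int copy_header_value(char *dst, size_t dstsize, const char *value)
{
    size_t needed = xstrlcpy(dst, dstsize, value);
    if (needed >= dstsize) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Front-proxy style pre-check for one raw header line: 1 if the line is not a
 * forwarding header or its value fits HDR_MAX, 0 for an over-long
 * X-Forwarded-For / X-Forwarded-Proto header to drop before it reaches the device. */
int forwarded_header_ok(const char *line)
{
    static const char *const names[] = { "X-Forwarded-For:", "X-Forwarded-Proto:" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        size_t n = strlen(names[i]);
        if (strncasecmp(line, names[i], n) == 0) {
            const char *v = line + n;
            while (*v == ' ' || *v == '\t')
                v++;                        /* skip optional whitespace */
            char buf[HDR_MAX];
            return copy_header_value(buf, sizeof buf, v) == 0;
        }
    }
    return 1;
}
```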

Exploit · Fix

Weakness classes: Stack Overflow, Buffer Overflow, Memory Corruption

Weakness Enumeration

Related Identifiers: BDU:2023-08657, CVE-2023-49007

Affected Products: Netgear Orbi Rbr750