CVE-2024-12988

Name of the Vulnerable Software and Affected Versions Netgear R6900P and R7000P version 1.3.3.154

Description A critical vulnerability has been found in the HTTP Header Handler component, specifically affecting the function sub 16C4C. The manipulation of the Host argument leads to a buffer overflow. This issue can be exploited remotely. The vulnerability only affects products that are no longer supported by the maintainer.

Recommendations For Netgear R6900P and R7000P version 1.3.3.154, as a temporary workaround, consider restricting access to the HTTP Header Handler component until a patch is available. Avoid using the Host argument in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.