CVE-2024-52025

Name of the Vulnerable Software and Affected Versions: Netgear XR300 version 1.0.3.78 Netgear R7000P version 1.3.3.154 Netgear R6400 v2 version 1.0.4.128

Description: The issue is related to a buffer overflow in the geniepppoe.cgi script of Netgear router firmware, specifically when handling the pppoe localip parameter. This can be exploited by sending a specially crafted POST request to the "/geniepppoe.cgi" endpoint, allowing a remote attacker to cause a Denial of Service (DoS).

Recommendations: For Netgear XR300 version 1.0.3.78, update to a newer version that contains a fix for this issue. For Netgear R7000P version 1.3.3.154, update to a newer version that contains a fix for this issue. For Netgear R6400 v2 version 1.0.4.128, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the geniepppoe.cgi script to minimize the risk of exploitation.