CVE-2024-52026

Name of the Vulnerable Software and Affected Versions: Netgear XR300 version 1.0.3.78 Netgear R7000P version 1.3.3.154 Netgear R6400 v2 version 1.0.4.128

Description: The issue is related to a buffer overflow in the bsw pppoe.cgi script of Netgear router firmware, specifically when handling the pppoe localip parameter. This can be exploited by sending a specially crafted POST request, allowing a remote attacker to cause a Denial of Service (DoS).

Recommendations: For Netgear XR300 version 1.0.3.78, consider disabling access to the bsw pppoe.cgi script until a patch is available. For Netgear R7000P version 1.3.3.154, restrict the use of the pppoe localip parameter in the bsw pppoe.cgi script to minimize the risk of exploitation. For Netgear R6400 v2 version 1.0.4.128, avoid using the pppoe localip parameter in the affected API endpoint until the issue is resolved.