CVE-2024-52028

Name of the Vulnerable Software and Affected Versions: Netgear R7000P version 1.3.3.154

Description: The issue is related to a stack overflow in the wiz pptp.cgi script of the Netgear R7000P router's firmware, specifically when handling the pptp user netmask parameter. This allows attackers to cause a Denial of Service (DoS) by sending a crafted POST request to the "/wiz pptp.cgi" endpoint. The vulnerability is due to a lack of input size validation when copying data into a buffer.

Recommendations: For Netgear R7000P version 1.3.3.154, as a temporary workaround, consider restricting access to the wiz pptp.cgi script to minimize the risk of exploitation. Avoid using the pptp user netmask parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.