CVE-2024-51020

Name of the Vulnerable Software and Affected Versions Netgear R7000P version 1.3.3.154

Description The issue is related to a stack overflow vulnerability in the usbISP detail edit.cgi script, specifically via the apn parameter. This vulnerability can be exploited by sending a crafted POST request, allowing attackers to cause a Denial of Service (DoS). The vulnerability is due to a buffer copy without checking the size of the input data when handling the apn parameter.

Recommendations For Netgear R7000P version 1.3.3.154, consider disabling access to the usbISP detail edit.cgi script or restricting the use of the apn parameter until a patch is available. Avoid using the apn parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.