CVE-2024-52030

Name of the Vulnerable Software and Affected Versions Netgear R7000P version 1.3.3.154

Description The issue is related to a stack overflow in the ru wan flow.cgi script, specifically via the pptp user netmask parameter. This allows attackers to cause a Denial of Service (DoS) by sending a crafted POST request. The vulnerability is due to a buffer copy without checking the size of the input data when handling the pptp user netmask parameter, which can be exploited by a remote attacker to cause a service disruption.

Recommendations For Netgear R7000P version 1.3.3.154, as a temporary workaround, consider restricting access to the ru wan flow.cgi script or disabling the pptp user netmask parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.