CVE-2024-52013

Name of the Vulnerable Software and Affected Versions Netgear R8500 version 1.0.2.160 Netgear XR300 version 1.0.3.78 Netgear R7000P version 1.3.3.154 Netgear R6400 v2 version 1.0.4.128

Description The issue is related to a buffer overflow in the wiz pptp.cgi script of Netgear router firmware, specifically when handling the pptp user ip parameter. This can be exploited by sending a specially crafted POST request, allowing a remote attacker to cause a Denial of Service (DoS).

Recommendations For Netgear R8500 version 1.0.2.160, update the firmware to a version that fixes the buffer overflow issue in the wiz pptp.cgi script. For Netgear XR300 version 1.0.3.78, update the firmware to a version that fixes the buffer overflow issue in the wiz pptp.cgi script. For Netgear R7000P version 1.3.3.154, update the firmware to a version that fixes the buffer overflow issue in the wiz pptp.cgi script. For Netgear R6400 v2 version 1.0.4.128, update the firmware to a version that fixes the buffer overflow issue in the wiz pptp.cgi script. As a temporary workaround, consider restricting access to the wiz pptp.cgi script until a patch is available.