CVE-2024-51003

Name of the Vulnerable Software and Affected Versions Netgear R8500 version 1.0.2.160 Netgear XR300 version 1.0.3.78 Netgear R7000P version 1.3.3.154 Netgear R6400 v2 version 1.0.4.128

Description The issue is related to multiple stack overflow vulnerabilities in the ap mode.cgi component. These vulnerabilities can be exploited via the apmode dns1 pri and apmode dns1 sec parameters, allowing attackers to cause a Denial of Service (DoS) by sending a crafted POST request to the affected API endpoint.

Recommendations For Netgear R8500 version 1.0.2.160, consider disabling the ap mode.cgi component until a patch is available. For Netgear XR300 version 1.0.3.78, restrict access to the ap mode.cgi component to minimize the risk of exploitation. For Netgear R7000P version 1.3.3.154, avoid using the apmode dns1 pri and apmode dns1 sec parameters in the affected API endpoint until the issue is resolved. For Netgear R6400 v2 version 1.0.4.128, as a temporary workaround, consider restricting the use of the ap mode.cgi component until a patch is available.