CVE-2024-50998

Name of the Vulnerable Software and Affected Versions Netgear R8500 version 1.0.2.160

Description The issue is related to multiple stack overflow vulnerabilities in the openvpn.cgi component of the Netgear R8500 router's firmware. These vulnerabilities are caused by uncontrolled copying of user input when handling the openvpn service port and openvpn service port tun parameters. This allows attackers to cause a Denial of Service (DoS) via a crafted POST request to the affected API endpoint.

Recommendations For Netgear R8500 version 1.0.2.160, as a temporary workaround, consider disabling the openvpn.cgi component until a patch is available. Restrict access to the openvpn service port and openvpn service port tun parameters to minimize the risk of exploitation. Avoid using these parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.