CVE-2024-50994

Name of the Vulnerable Software and Affected Versions Netgear R8500 version 1.0.2.160

Description The issue is related to multiple stack overflow vulnerabilities in the ipv6 fix.cgi component of the Netgear R8500 router. These vulnerabilities are caused by the lack of size checking for input data when handling the ipv6 wan ipaddr, ipv6 lan ipaddr, ipv6 wan length, and ipv6 lan length parameters. This allows attackers to cause a Denial of Service (DoS) via a crafted POST request to the "ipv6 fix.cgi" endpoint.

Recommendations For Netgear R8500 version 1.0.2.160, consider disabling the ipv6 fix.cgi component until a patch is available to prevent exploitation of the stack overflow vulnerabilities. Restrict access to the vulnerable parameters ipv6 wan ipaddr, ipv6 lan ipaddr, ipv6 wan length, and ipv6 lan length to minimize the risk of a Denial of Service (DoS) attack. At the moment, there is no information about a newer version that contains a fix for this vulnerability.