CVE-2024-51001

Name of the Vulnerable Software and Affected Versions Netgear R8500 version 1.0.2.160

Description The issue is related to a stack overflow in the ddns.cgi script, specifically via the sysDNSHost parameter. This allows attackers to cause a Denial of Service (DoS) by sending a crafted POST request to the "/ddns.cgi" endpoint. The vulnerability is due to a buffer copy without checking the size of the input data when handling the sysDNSHost parameter.

Recommendations For Netgear R8500 version 1.0.2.160, consider disabling access to the ddns.cgi script until a patch is available to prevent exploitation of the sysDNSHost parameter. Restricting access to this endpoint can help minimize the risk of a Denial of Service attack. At the moment, there is no information about a newer version that contains a fix for this vulnerability.