CVE-2024-51002

Name of the Vulnerable Software and Affected Versions Netgear R8500 version 1.0.2.160 Netgear XR300 version 1.0.3.78 Netgear R7000P version 1.3.3.154 Netgear R6400 v2 version 1.0.4.128

Description The issue is related to a stack overflow vulnerability via the l2tp user ip parameter at the "l2tp.cgi" endpoint. This allows attackers to cause a Denial of Service (DoS) via a crafted POST request. The vulnerability is due to a buffer copy without checking the size of the input data when processing the l2tp user ip parameter, which can be exploited by a remote attacker to cause a service disruption.

Recommendations For Netgear R8500 version 1.0.2.160, update to a newer version that contains a fix for this issue. For Netgear XR300 version 1.0.3.78, update to a newer version that contains a fix for this issue. For Netgear R7000P version 1.3.3.154, update to a newer version that contains a fix for this issue. For Netgear R6400 v2 version 1.0.4.128, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the "l2tp.cgi" endpoint to minimize the risk of exploitation. Avoid using the l2tp user ip parameter in the affected endpoint until the issue is resolved.