CVE-2024-51004

CVSS v3.1

5.7

Medium

Vector

AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Netgear R8500 version 1.0.2.160 Netgear R7000P version 1.3.3.154

Description The issue is related to multiple stack overflow vulnerabilities in the usb device.cgi component of Netgear routers. These vulnerabilities can be exploited via the cifs user, read access, and write access parameters, allowing attackers to cause a Denial of Service (DoS) via a crafted POST request to the /usb device.cgi endpoint.

Recommendations For Netgear R8500 version 1.0.2.160, consider disabling the usb device.cgi component until a patch is available. For Netgear R7000P version 1.3.3.154, restrict access to the usb device.cgi component to minimize the risk of exploitation. Avoid using the parameters cifs user, read access, and write access in the affected API endpoint until the issue is resolved.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

BDU:2024-09946

CVE-2024-51004

Affected Products

Netgear R7000P

Netgear R8500

CVE-2024-51004

Weakness Enumeration

Related Identifiers

Affected Products

References · 9