PT-2024-8537 · NetGear · Netgear R7000P
Published
2024-10-28
·
Updated
2024-11-05
·
CVE-2024-51019
CVSS v3.1
5.7
Medium
| Vector | AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Netgear R7000P version 1.3.3.154
Description
The issue is related to a stack overflow in the pppoe.cgi script when handling the
pppoe localnetmask parameter. This allows attackers to cause a Denial of Service (DoS) via a crafted POST request to the /pppoe.cgi endpoint.Recommendations
For Netgear R7000P version 1.3.3.154, consider restricting access to the
pppoe.cgi script until a patch is available. As a temporary workaround, avoid using the pppoe localnetmask parameter in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Netgear R7000P