CVE-2024-51017

Name of the Vulnerable Software and Affected Versions Netgear R7000P version 1.3.3.154

Description The issue is related to a stack overflow vulnerability in the l2tp.cgi script of the NETGEAR R7000P router's firmware. This vulnerability occurs when handling the l2tp user netmask parameter. Exploitation of this issue can allow a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted POST request to the /l2tp.cgi endpoint. The l2tp user netmask parameter is the vulnerable parameter in this case.

Recommendations For Netgear R7000P version 1.3.3.154, as a temporary workaround, consider restricting access to the /l2tp.cgi endpoint until a patch is available. Additionally, avoid using the l2tp user netmask parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.