CVE-2024-51015

Name of the Vulnerable Software and Affected Versions Netgear R7000P version 1.3.3.154

Description The issue is related to a command injection vulnerability via the device name2 parameter at the "operation mode.cgi" endpoint. This allows attackers to execute arbitrary OS commands via a crafted request. The vulnerability is also described as a stack-based buffer overflow when handling the device name2 parameter, which can be exploited by a remote attacker to execute arbitrary commands.

Recommendations For Netgear R7000P version 1.3.3.154, consider disabling access to the "operation mode.cgi" endpoint until a patch is available. Avoid using the device name2 parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.