PT-2024-9811 · NetGear · Netgear R8500

Published: 2024-10-28 · Updated: 2024-11-05 · CVE-2024-51006

CVSS v3.1: 5.7 (Medium)
Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Netgear R8500 version 1.0.2.160
Description: A stack overflow exists in the IPv6 tunnel function when it handles the ipv6 static ip parameter. A remote attacker can exploit it to cause a Denial of Service (DoS) with a crafted POST request to the / endpoint, although the exact endpoint is not specified.
Recommendations: For Netgear R8500 version 1.0.2.160, consider disabling the IPv6 tunnel function as a temporary workaround until a patch is available. Restrict access to the ipv6 static ip parameter to minimize the risk of exploitation. At present, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2024-11587
CVE-2024-51006

Affected Products

Netgear R8500