CVE-2024-12147

Name of the Vulnerable Software and Affected Versions: Netgear R6900 version 1.0.1.26 1.0.20

Description: A critical vulnerability has been found in the Netgear R6900 router, affecting an unknown functionality of the file upgrade check.cgi in the HTTP Header Handler component. The manipulation of the Content-Length argument leads to a buffer overflow. This issue can be exploited remotely, potentially allowing an attacker to execute arbitrary code or cause a denial of service. The vulnerability has been publicly disclosed and may be exploited. It only affects products that are no longer supported by the maintainer.

Recommendations: For Netgear R6900 version 1.0.1.26 1.0.20, as a temporary workaround, consider disabling the upgrade check.cgi file until a patch is available. Restrict access to the HTTP Header Handler component to minimize the risk of exploitation. Avoid using the Content-Length argument in the affected HTTP endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.