PT-2025-29578 · NetGear · Netgear Xr300
Published: 2025-07-15 · Updated: 2025-08-11 · CVE-2025-52080
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Netgear XR300 version 1.0.3.38_10.3.30
Description
A stack-based buffer overflow exists in the HTTPD service through the usb_device.cgi endpoint when processing POST requests containing the share_name parameter.
Recommendations
Apply updates to address the issue in the HTTPD service.
As a temporary workaround, restrict access to the usb_device.cgi endpoint.
Avoid sending POST requests with excessively long share_name parameters to the usb_device.cgi endpoint.
Exploit
Fix
Stack Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Netgear Xr300