Severity
High
Analysis Summary
CVE-2024-51022 CVSS:6.5
Netgear XR300 is vulnerable to a denial of service, caused by a stack-based buffer overflow using the ssid parameter in bridge_wireless_main.cgi. By sending a specially crafted POST request, an attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-51012 CVSS:6.5
Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_pri_dns parameter at ipv6_fix.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-51009 CVSS:8.8
Netgear R8500 could allow a remote attacker from within the local network to execute arbitrary commands on the system, caused by a command injection vulnerability in the wan_gateway parameter at ether.cgi. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary OS commands on the system.
Impact
- Denial of Service
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-51022
- CVE-2024-51012
- CVE-2024-51009
Affected Vendors
Affected Products
- Netgear XR300 1.0.3.78
- Netgear R8500 1.0.2.160
Remediation
Refer to NETGEAR Security Advisory for patch, upgrade, or suggested workaround information.