CVE-2024-52015

CVSS 3.1 Score 5.7 of 10 (medium)

Details

Published Nov 5, 2024
CWE ID 120

Summary

CVE-2024-52015 is a newly disclosed vulnerability affecting several Netgear routers, including the R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128. The flaw is located in the pptp_user_ip parameter of bsw_pptp.cgi and can be exploited by attackers to trigger a stack overflow. This vulnerability does not result in direct code execution but rather causes a Denial of Service (DoS) condition through a crafted POST request. Successful exploitation of this issue can lead to router crashes and potentially leave networks open to further attacks. Users are strongly encouraged to update their routers as soon as patches become available.
