CVE-2024-52017
CVSS 3.1 Score 5.7 of 10 (medium)
Details
Summary
CVE-2024-52017 is a newly disclosed vulnerability affecting Netgear XR300 v1.0.3.78. The issue lies in the bridge_wireless_main.cgi file, where a stack overflow can be triggered by a maliciously crafted POST request that supplies the passphrase parameter. This vulnerability does not result in direct code execution, but instead causes a Denial of Service (DoS) condition by exhausting system resources. Attackers can exploit this weakness to make the device unresponsive, disrupting network connectivity and potentially leading to further security risks. Users are advised to update their Netgear XR300 firmware to the latest version as soon as possible to mitigate this threat.