CVE-2024-51002

CVSS 3.1 Score 5.7 of 10 (medium)

Details

Published Nov 5, 2024
CWE ID 120

Summary

CVE-2024-51002 is a newly disclosed vulnerability affecting several Netgear routers, including the R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128. This issue involves a stack overflow in the l2tp.cgi file, specifically within the l2tp_user_ip parameter. Maliciously crafted POST requests can trigger the stack overflow, leading to a Denial of Service (DoS) condition on the affected routers. Successful exploitation could prevent legitimate users from accessing the routers' services until the issue is addressed. Network administrators are advised to apply available patches as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share