CVE-2024-52015: Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter…

medium5.7CVSS 3.1

AVAACLPRLUINSUCNINAH

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at bsw_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Affected

4 ranges

Vendor	Product	Version range	Fixed in
netgear	r6400v2_firmware	—	—
netgear	r7000p_firmware	—	—
netgear	r8500_firmware	—	—
netgear	xr300_firmware	—	—