CVE-2024-52016
Last modified
CVE-2024-52016 is a medium-severity vulnerability rated 5.7/10 on the CVSS scale. Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain multiple stack overflow vulnerabilities in the component wlg_adv.cgi via the apmode_dns1_pri and apmode_dns1_sec parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request. EPSS estimates a 0.39% chance of exploitation in the next 30 days.
Description
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain multiple stack overflow vulnerabilities in the component wlg_adv.cgi via the apmode_dns1_pri and apmode_dns1_sec parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request.
Metrics
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Netgear | R8500 Firmware | 1.0.2.160 |
| Netgear | XR300 Firmware | 1.0.3.78 |
| Netgear | R7000P Firmware | 1.3.3.154 |
| Netgear | R6400 v2 Firmware | 1.0.4.128 |
References
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
