A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 and classified as critical. Affected by this vulnerability is the function sub_16C4C of the component HTTP Header Handler. The manipulation of the argument Host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
References
Link | Resource |
---|---|
https://github.com/physicszq/Routers/tree/main/Netgear/1.3.3.154 | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.289381 | Permissions Required VDB Entry |
https://vuldb.com/?id.289381 | Third Party Advisory VDB Entry |
https://vuldb.com/?submit.462781 | Third Party Advisory VDB Entry |
https://www.netgear.com/ | Product |
https://www.netgear.com/about/eos/ | Product |
https://github.com/physicszq/Routers/tree/main/Netgear/1.3.3.154 | Exploit Third Party Advisory |
Configurations
History
28 May 2025, 20:19
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-787 | |
First Time |
Netgear
Netgear r7000p Netgear r7000p Firmware Netgear r6900p Firmware Netgear r6900p |
|
CPE | cpe:2.3:o:netgear:r7000p_firmware:1.3.3.154:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6900p_firmware:1.3.3.154:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:* |
|
References | () https://github.com/physicszq/Routers/tree/main/Netgear/1.3.3.154 - Exploit, Third Party Advisory | |
References | () https://vuldb.com/?ctiid.289381 - Permissions Required, VDB Entry | |
References | () https://vuldb.com/?id.289381 - Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?submit.462781 - Third Party Advisory, VDB Entry | |
References | () https://www.netgear.com/ - Product | |
References | () https://www.netgear.com/about/eos/ - Product |
14 Jan 2025, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary |
|
|
Summary | (en) A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 and classified as critical. Affected by this vulnerability is the function sub_16C4C of the component HTTP Header Handler. The manipulation of the argument Host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. |
27 Dec 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-12-27 17:15
Updated : 2025-05-28 20:19
NVD link : CVE-2024-12988
Mitre link : CVE-2024-12988
CVE.ORG link : CVE-2024-12988
JSON object : View
Products Affected
netgear
- r7000p
- r6900p_firmware
- r6900p
- r7000p_firmware