cnvd - cnvd-2025-13417

cnvd-2025-13417

Vulnerability from cnvd

Title: NETGEAR R6900P/R7000P缓冲区溢出漏洞

Description:

NETGEAR R6900P和R7000P是NETGEAR公司推出的无线路由器，提供高速互联网连接和网络管理功能。

NETGEAR R6900P和R7000P存在缓冲区溢出漏洞，该漏洞源于HTTP Header Handler组件中的sub_16C4C函数未能正确处理Host参数的输入。攻击者可利用该漏洞导致服务崩溃。

Severity: 高

Formal description:

目前厂商尚未发布升级程序修复该安全问题，详情见厂商官网： https://www.netgear.com/

Reference: https://vuldb.com/?id.289381

Impacted products

Name
['NETGEAR R7000P v1.3.3.154', 'NETGEAR R6900P 1.3.3.154']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-12988",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-12988"
    }
  },
  "description": "NETGEAR R6900P\u548cR7000P\u662fNETGEAR\u516c\u53f8\u63a8\u51fa\u7684\u65e0\u7ebf\u8def\u7531\u5668\uff0c\u63d0\u4f9b\u9ad8\u901f\u4e92\u8054\u7f51\u8fde\u63a5\u548c\u7f51\u7edc\u7ba1\u7406\u529f\u80fd\u3002\n\nNETGEAR R6900P\u548cR7000P\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eHTTP Header Handler\u7ec4\u4ef6\u4e2d\u7684sub_16C4C\u51fd\u6570\u672a\u80fd\u6b63\u786e\u5904\u7406Host\u53c2\u6570\u7684\u8f93\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u670d\u52a1\u5d29\u6e83\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5c1a\u672a\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttps://www.netgear.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-13417",
  "openTime": "2025-06-25",
  "products": {
    "product": [
      "NETGEAR R7000P v1.3.3.154",
      "NETGEAR R6900P 1.3.3.154"
    ]
  },
  "referenceLink": "https://vuldb.com/?id.289381",
  "serverity": "\u9ad8",
  "submitTime": "2024-12-30",
  "title": "NETGEAR R6900P/R7000P\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2024-12988 (GCVE-0-2024-12988)

Vulnerability from cvelistv5

Published

2024-12-27 17:00

Modified

2025-01-14 13:59

Severity ?

6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.3 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-120 - Buffer Overflow
CWE-119 - Memory Corruption

Summary

A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 and classified as critical. Affected by this vulnerability is the function sub_16C4C of the component HTTP Header Handler. The manipulation of the argument Host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

References

▼	URL	Tags
	https://vuldb.com/?id.289381	vdb-entry, technical-description
	https://vuldb.com/?ctiid.289381	signature, permissions-required
	https://vuldb.com/?submit.462781	third-party-advisory
	https://github.com/physicszq/Routers/tree/main/Netgear/1.3.3.154	exploit
	https://www.netgear.com/about/eos/	related
	https://www.netgear.com/	product

Impacted products

Vendor

Product

Version

▼

Netgear

R6900P

Version: 1.3.3.154

Netgear

R7000P

Version: 1.3.3.154

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12988",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-27T18:22:40.452260Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-27T18:23:48.498Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/physicszq/Routers/tree/main/Netgear/1.3.3.154"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "HTTP Header Handler"
          ],
          "product": "R6900P",
          "vendor": "Netgear",
          "versions": [
            {
              "status": "affected",
              "version": "1.3.3.154"
            }
          ]
        },
        {
          "modules": [
            "HTTP Header Handler"
          ],
          "product": "R7000P",
          "vendor": "Netgear",
          "versions": [
            {
              "status": "affected",
              "version": "1.3.3.154"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "physicszq (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 and classified as critical. Affected by this vulnerability is the function sub_16C4C of the component HTTP Header Handler. The manipulation of the argument Host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer."
        },
        {
          "lang": "de",
          "value": "In Netgear R6900P and R7000P 1.3.3.154 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Das betrifft die Funktion sub_16C4C der Komponente HTTP Header Handler. Durch Manipulation des Arguments Host mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "Memory Corruption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T13:59:51.349Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-289381 | Netgear R6900P/R7000P HTTP Header sub_16C4C buffer overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.289381"
        },
        {
          "name": "VDB-289381 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.289381"
        },
        {
          "name": "Submit #462781 | Netgear R6900P, R7000P 1.3.3.154 Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.462781"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/physicszq/Routers/tree/main/Netgear/1.3.3.154"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://www.netgear.com/about/eos/"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.netgear.com/"
        }
      ],
      "tags": [
        "unsupported-when-assigned"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-12-27T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-12-27T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-01-14T15:00:03.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Netgear R6900P/R7000P HTTP Header sub_16C4C buffer overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-12988",
    "datePublished": "2024-12-27T17:00:14.876Z",
    "dateReserved": "2024-12-27T08:33:50.934Z",
    "dateUpdated": "2025-01-14T13:59:51.349Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted