CVE-2024-12147 | Netgear R6900 1.0.1.26_1.0.20 HTTP Header upgrade_check.cgi Content-Length buffer overflow

A vulnerability was found in Netgear R6900 1.0.1.26_1.0.20. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file upgrade_check.cgi of the component HTTP Header Handler. The manipulation of the argument Content-Length leads to buffer overflow.

This vulnerability is known as CVE-2024-12147. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-12147 | Netgear R6900 1.0.1.26_1.0.20 HTTP Header upgrade_check.cgi Content-Length buffer overflow

Post correlati

CVE-2024-25714 | Rhonabwy up to 1.1.13 HMAC strcmp signature verification

CVE-2021-47214 | Linux Kernel up to /5.15.4 userfaultfd hugetlb_mcopy_atomic_pte Privilege Escalation (b5069d44e2fb/cc30042df6fc)

CVE-2024-28165 | SAP BusinessObjects Business Intelligence Platform 430/440 Opendocument URL cross site scripting

CVE-2024-25645 | SAP NetWeaver 7.50 Enterprise Portal information disclosure