CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-12988

High Severity
SVRS
66/100
CVSSv3
7.3/10
EPSS
0.00174/1

CVE-2024-12988 is a critical buffer overflow vulnerability found in Netgear R6900P and R7000P routers version 1.3.3.154. Specifically, the flaw exists in the 'HTTP Header Handler' component, function 'sub_16C4C', where manipulation of the 'Host' argument can trigger the overflow. Although the CVSS score is 7.3, the SOCRadar Vulnerability Risk Score (SVRS) is 66, indicating a moderate risk. The exploit is publicly available, meaning attacks are possible. This remote exploit allows attackers to potentially gain unauthorized access or disrupt service. It is important to note that this vulnerability affects Netgear products that are no longer supported, therefore patching isn't possible and mitigation strategies are vital. Organizations using these routers should consider replacing them or implementing compensating controls to minimize risk.

TAGS
In The Wild
Exploit
Permissions-required
Related
Third-party-advisory
Technical-description
Signature
Vdb-entry
Product
VECTOR STRING
CVSS:3.1
AV:N
AC:L
PR:N
UI:N
S:U
C:L
I:L
A:L
PUBLICATION DATE2024-12-27
LAST MODIFIED2025-01-14

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-12988 | Netgear R6900P/R7000P 1.3.3.154 HTTP Header sub_16C4C Host buffer overflow
vuldb.com2024-12-27
CVE-2024-12988 | Netgear R6900P/R7000P 1.3.3.154 HTTP Header sub_16C4C Host buffer overflow | A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 and classified as critical. Affected by this vulnerability is the function sub_16C4C of the component HTTP Header Handler. The manipulation of the argument Host leads to buffer overflow. This vulnerability is known as <a href="https://
vuldb.com
rss
forum
news

Social Media

CVE-2024-12988 (CVSS:7.3, HIGH) is Awaiting Analysis. A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 and classified as critical. Affected by this vulne..https://t.co/K05ovl4RJX #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
0
0
0
CVE-2024-12988 Critical Buffer Overflow in Netgear R6900P/R7000P - Publicly Disclosed * Netgear R6900P and R7000P 1.3.3.154 have a critical vulnerability. It affects the HTTP Header Handler component's sub_16C4C ... https://t.co/p9ofIZwUvw
0
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]https://github.com/physicszq/Routers/tree/main/Netgear/1.3.3.154
[email protected]https://vuldb.com/?ctiid.289381
[email protected]https://vuldb.com/?id.289381
[email protected]https://vuldb.com/?submit.462781
[email protected]https://www.netgear.com/
134C704F-9B21-4F2E-91B3-4A467353BCC0https://github.com/physicszq/Routers/tree/main/Netgear/1.3.3.154
[email protected]https://github.com/physicszq/Routers/tree/main/Netgear/1.3.3.154
[email protected]https://vuldb.com/?ctiid.289381
[email protected]https://vuldb.com/?id.289381
[email protected]https://vuldb.com/?submit.462781
[email protected]https://www.netgear.com/
134C704F-9B21-4F2E-91B3-4A467353BCC0https://github.com/physicszq/Routers/tree/main/Netgear/1.3.3.154
[email protected]https://github.com/physicszq/Routers/tree/main/Netgear/1.3.3.154
[email protected]https://vuldb.com/?ctiid.289381
[email protected]https://vuldb.com/?id.289381
[email protected]https://vuldb.com/?submit.462781
[email protected]https://www.netgear.com/
[email protected]https://www.netgear.com/about/eos/
SUBMIT #462781 | NETGEAR R6900P, R7000P 1.3.3.154 BUFFER OVERFLOWhttps://vuldb.com/?submit.462781
VDB-289381 | CTI INDICATORS (IOB, IOC, IOA)https://vuldb.com/?ctiid.289381
VDB-289381 | NETGEAR R6900P/R7000P HTTP HEADER SUB_16C4C BUFFER OVERFLOWhttps://vuldb.com/?id.289381
GITHUBhttps://github.com/physicszq/Routers/tree/main/Netgear/1.3.3.154
GITHUBhttps://vuldb.com/?id.289381

CWE Details

CWE IDCWE NameDescription
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferThe software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence