ID

VAR-202412-0018


CVE

CVE-2024-12147


TITLE

Netgear R6900 Buffer Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-10686

DESCRIPTION

A vulnerability was found in Netgear R6900 1.0.1.26_1.0.20. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file upgrade_check.cgi of the component HTTP Header Handler. The manipulation of the argument Content-Length leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. The vulnerability is caused by the parameter Content-Length of the file upgrade_check.cgi failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service.

Trust: 1.44

sources: NVD: CVE-2024-12147 // CNVD: CNVD-2025-10686

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-10686

AFFECTED PRODUCTS

vendor: netgear, model: r6900 v1.0.1.26 1.0.20, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-10686

CVSS

SEVERITY

cna@vuldb.com: CVE-2024-12147
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-10686
value: MEDIUM

Trust: 0.6

CVSSV2

cna@vuldb.com: CVE-2024-12147
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2025-10686
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

cna@vuldb.com: CVE-2024-12147
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-10686 // NVD: CVE-2024-12147

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

sources: NVD: CVE-2024-12147

EXTERNAL IDS

db: NVD, id: CVE-2024-12147

Trust: 1.6

db: VULDB, id: 286873

Trust: 1.0

db: CNVD, id: CNVD-2025-10686

Trust: 0.6

sources: CNVD: CNVD-2025-10686 // NVD: CVE-2024-12147

REFERENCES

url:https://github.com/upload000/hub/blob/main/iot/netgear_r6900.md

Trust: 1.6

url:https://vuldb.com/?submit.451858

Trust: 1.0

url:https://vuldb.com/?id.286873

Trust: 1.0

url:https://vuldb.com/?ctiid.286873

Trust: 1.0

url:https://www.netgear.com/about/eos/

Trust: 1.0

url:https://www.netgear.com/

Trust: 1.0

sources: CNVD: CNVD-2025-10686 // NVD: CVE-2024-12147

SOURCES

db: CNVD, id: CNVD-2025-10686
db: NVD, id: CVE-2024-12147

LAST UPDATE DATE

2025-05-28T23:23:05.234000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-10686, date: 2025-05-27T00:00:00
db: NVD, id: CVE-2024-12147, date: 2025-01-14T14:15:28.163

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-10686, date: 2025-05-22T00:00:00
db: NVD, id: CVE-2024-12147, date: 2024-12-04T18:15:11.803