CNNVD-202507-2053 Information

CNNVD ID

CNNVD-202507-2053

Related CVE

CVE-2025-52081

• CNNVD Published: 2025-07-15

Description (Chinese)

NETGEAR XR300是美国网件（NETGEAR）公司的一款无线路由器。 NETGEAR XR300 V1.0.3.38_10.3.30版本存在安全漏洞，该漏洞源于HTTPD服务在处理usb_device.cgi端点的POST请求时存在栈缓冲区溢出。

Description (English)

NETGEAR XR300 is a wireless router of NETGEAR. NETGEAR XR 300 V1.0.3.38 version 10.3.30 contains a security loophole, which stems from the spilling of a hedge buffer zone by the HTTPD service when dealing with POST requests at the Usb device.cgi endpoint.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Netiket

Published

2025-07-15

Last Modified

2026-02-24

References

https://github.com/lafdrew/IOT/blob/main/Netgear%20XR300/usb_folder%20of%20usb_device.cgi/buffer%20overflow%20in%20usb_folder%20of%20usb_device.cgi.md https://nvd.nist.gov/vuln/detail/CVE-2025-52081 https://access.redhat.com/security/cve/cve-2025-52081

Patch

https://www.netgear.com/support/download/?_ga=2.39051171.1615439249.1752631509-61040898.1750815963&model=XR300