CVE-2024-50994: n/a
Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component ipv6_fix.cgi via the ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, and ipv6_lan_length parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request.
AI Analysis
Technical Summary
CVE-2024-50994 identifies multiple stack-based buffer overflow vulnerabilities in the Netgear R8500 router firmware version 1.0.2.160, specifically within the ipv6_fix.cgi CGI script. The vulnerable parameters (ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, and ipv6_lan_length) are used to configure IPv6 WAN and LAN IP addresses and their lengths. Improper input validation allows an attacker with low privileges (PR:L) and adjacent-network access (AV:A) to send specially crafted POST requests that overflow stack buffers, causing the device to crash or reboot, resulting in Denial of Service (DoS). The CVSS 3.1 base score is 5.7, reflecting a medium severity due to the lack of impact on confidentiality or integrity and the requirement for some privileges and adjacent-network access. The vulnerability is classified under CWE-120 (Classic Buffer Overflow). No patches or known exploits are currently available, but the flaw poses a risk to network availability, especially in environments relying on IPv6 configurations. The attack does not require user interaction and affects the router’s management interface, which may be exposed internally or remotely depending on configuration.
Potential Impact
The primary impact of CVE-2024-50994 is the disruption of network availability through Denial of Service attacks. Organizations using the affected Netgear R8500 routers may experience network outages or degraded performance if an attacker exploits these stack overflow vulnerabilities. This can interrupt business operations, especially in environments where these routers serve as critical network gateways or handle IPv6 traffic. Although the vulnerability does not compromise data confidentiality or integrity, the loss of availability can affect productivity, customer access, and potentially safety-critical systems relying on continuous network connectivity. The requirement for low privileges and network access limits the attack surface to internal or trusted networks unless remote management is enabled without adequate protections. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers often develop exploits rapidly after disclosure.
Mitigation Recommendations
To mitigate CVE-2024-50994, organizations should immediately restrict access to the Netgear R8500 router’s management interfaces, especially the IPv6 configuration CGI scripts, limiting them to trusted internal networks and authorized personnel only. Disable remote management features if not strictly necessary. Monitor network traffic for unusual POST requests targeting the ipv6_fix.cgi endpoint. Implement network segmentation to isolate critical routers from less trusted segments. Regularly check Netgear’s official channels for firmware updates or patches addressing this vulnerability and apply them promptly once available. As a temporary measure, consider disabling IPv6 on the router if it is not required, to reduce the attack surface. Additionally, maintain robust network monitoring and incident response capabilities to detect and respond to potential DoS attempts. Document and test recovery procedures to minimize downtime in case of exploitation.
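The monitoring recommendation above, sketched as an added example (not code from Netgear or from this page): a Python check that flags POST requests to ipv6_fix.cgi whose four named parameters are not plausible IPv6 addresses or prefix lengths. The captured-request tuples, the URL path and the 64-byte ceiling are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit

ADDR_PARAMS = ("ipv6_wan_ipaddr", "ipv6_lan_ipaddr")
LEN_PARAMS = ("ipv6_wan_length", "ipv6_lan_length")
# Assumed ceiling: the longest textual IPv6 address is 45 characters.
MAX_VALUE_BYTES = 64

# Constructed sample of captured requests: (source, method, url, body).
SAMPLE_REQUESTS = [
    ("192.168.1.10", "POST", "/ipv6_fix.cgi",
     "ipv6_wan_ipaddr=2001%3Adb8%3A%3A1&ipv6_wan_length=64"
     "&ipv6_lan_ipaddr=2001%3Adb8%3A1%3A%3A1&ipv6_lan_length=64"),
    ("192.168.1.77", "POST", "/ipv6_fix.cgi",
     "ipv6_wan_ipaddr=" + "x" * 600 + "&ipv6_wan_length=64"),
    ("192.168.1.77", "POST", "/ipv6_fix.cgi", "ipv6_lan_length=999"),
    ("192.168.1.10", "GET", "/index.htm", ""),
]

def check_value(name, value):
    """Return a reason string if the value is implausible for this field, else None."""
    if len(value) > MAX_VALUE_BYTES:
        return f"{name}: {len(value)} bytes exceeds {MAX_VALUE_BYTES}"
    if name in ADDR_PARAMS:
        try:
            ipaddress.IPv6Address(value)
        except ValueError:
            return f"{name}: not an IPv6 address"
    elif not (value.isascii() and value.isdigit() and int(value) <= 128):
        return f"{name}: not a prefix length in 0..128"
    return None

def inspect_request(method, url, body):
    """Return findings for one request; an empty list means nothing to flag."""
    target = urlsplit(url).path.rsplit("/", 1)[-1]
    if method.upper() != "POST" or target != "ipv6_fix.cgi":
        return []
    fields = parse_qs(body)  # blank values are dropped, so empty fields are ignored
    findings = []
    for name in ADDR_PARAMS + LEN_PARAMS:
        for value in fields.get(name, []):
            reason = check_value(name, value)
            if reason:
                findings.append(reason)
    return findings

def flagged_requests(requests):
    """Return (source, findings) for every request that has at least one finding."""
    results = [(src, inspect_request(m, u, b)) for src, m, u, b in requests]
    return [(src, found) for src, found in results if found]
```

The same validation applies on the prevention side: a reverse proxy or management-plane filter in front of the router can reject requests that fail these checks instead of only alerting on them.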
Affected Countries
United States, Canada, United Kingdom, Germany, France, Australia, Japan, South Korea, India, Brazil
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-10-28T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6ba4b7ef31ef0b557793
Added to database: 2/25/2026, 9:37:40 PM
Last enriched: 2/26/2026, 1:13:03 AM
Last updated: 4/12/2026, 3:40:36 AM