CVE-2025-52081
In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the usb_folder parameter...
CVE-2025-52080
In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the share_name parameter...
CVE-2025-52080
Netgear XR300 (V1.0.3.38_10.3.30) is affected by a stack-based buffer overflow in the HTTPD service via usb_device.cgi when processing POST requests that include the share_name parameter. Documented impact is a network-accessible vulnerability with medium severity (CVSS 3.1: 6.5), but the specifi...
PT-2025-29578 · NetGear · Netgear Xr300
Name of the Vulnerable Software and Affected Versions: Netgear XR300 version 1.0.3.38_10.3.30 Description: A stack-based buffer overflow exists in the HTTPD service through the usb_device.cgi endpoint when processing POST requests containing the share_name parameter. Recommendations: Apply update...
PT-2025-29577 · NetGear · Netgear Xr300
Name of the Vulnerable Software and Affected Versions: Netgear XR300 version 1.0.3.38_10.3.30 Description: A stack-based buffer overflow exists in the HTTPD service through the usb_device.cgi endpoint. The issue occurs when processing POST requests containing the read_access parameter...
CVE-2025-52082
In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the read_access parameter...
CVE-2025-52081
CVE-2025-52081 affects Netgear XR300 routers (V1.0.3.38_10.3.30). It is a stack-based buffer overflow in the HTTPD service triggered by POST requests to the usb_device.cgi endpoint when the usb_folder parameter is processed. The vulnerability stems from improper handling in this endpoint, enablin...
CVE-2025-52082
CVE-2025-52082 affects NETGEAR XR300 (V1.0.3.38_10.3.30). The vulnerability is a stack-based buffer overflow in the HTTPD service triggered by POST requests to the usb_device.cgi endpoint when the read_access parameter is processed. Impact is described as potential low/low escalation with network...
PT-2025-29576 · NetGear · Netgear Xr300
Name of the Vulnerable Software and Affected Versions: Netgear XR300 version 1.0.3.38_10.3.30 Description: A stack-based buffer overflow exists in the HTTPD service through the usb_device.cgi endpoint when processing POST requests containing the usb_folder parameter. Recommendations: Update to a...
Fedora: Security Advisory (FEDORA-2025-6d7a183951)
The remote host is missing an update for the...
Fedora 42 : httpd (2025-6d7a183951)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-6d7a183951 advisory. New httpd 2.4.64 release + security fixes Tenable has extracted the preceding description block directly from the Fedora security advisory. Note tha...
FreeBSD : Apache httpd -- Multiple vulnerabilities (342f2a0a-5e9b-11f0-8baa-8447094a420f)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 342f2a0a-5e9b-11f0-8baa-8447094a420f advisory. The Apache httpd project reports: moderate: Apache HTTP Server: HTTP response splitting...
[slackware-security] httpd
New httpd packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/httpd-2.4.64-i586-1slack15.0.txz: Upgraded. This release contains security fixes and improvements. The update resolves a range of issue...
CVE-2025-7421
A vulnerability was found in Tenda O3V2 1.0.0.123880. It has been rated as critical. This issue affects the function fromMacFilterModify of the file /goform/operateMacFilter of the component httpd. The manipulation of the argument mac leads to stack-based buffer overflow. The attack may be...
CVE-2025-7423 Tenda O3V2 httpd setWrlFilterList formWifiMacFilterSet stack-based overflow
A vulnerability classified as critical was found in Tenda O3V2 1.0.0.123880. Affected by this vulnerability is the function formWifiMacFilterSet of the file /goform/setWrlFilterList of the component httpd. The manipulation of the argument macList leads to stack-based buffer overflow. The attack c...
Slackware Linux 15.0 / current httpd Multiple Vulnerabilities (SSA:2025-192-02)
The version of httpd installed on the remote host is prior to 2.4.64. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-192-02 advisory. New httpd packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...