Stack-Based Buffer Overflow in Netgear XR300
CVE-2025-52080

6.5 MEDIUM

Key Information:

Vendor: Netgear

Status
Vendor
CVE Published: 15 July 2025

What is CVE-2025-52080?

A stack-based buffer overflow exists in the HTTPD service of the Netgear XR300. It is triggered when the service processes a POST request to the usb_device.cgi endpoint that includes the share_name parameter. An attacker could exploit the flaw, potentially causing unintended behavior or system compromise. Users should update their devices to the latest firmware to mitigate this risk.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
