Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-52081

In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the usb_folder parameter.

Published

2025-07-15T16:15:37.373

Last Modified

2025-07-16T14:28:55.697

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-121

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	netgear	xr300_firmware	v1.0.3.38_10.3.30	Yes
Hardware	netgear	xr300	-	No

References

https://github.com/lafdrew/IOT/blob/main/Netgear%20XR300/usb_folder%20of%20usb_device.cgi/buffer%20overflow%20in%20usb_folder%20of%20usb_device.cgi.md Exploit, Third Party Advisory ([email protected])