CVE-2025-52081

In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the usb_folder parameter.

Published: Jul 15, 2025
Updated: Jul 17, 2025
CVE: CVE-2025-52081
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
netgear / xr300_firmware	1.0.3.38	1.0.3.38.x

https://github.com/lafdrew/IOT/blob/main/Netgear%20XR300/usb_folder%20of%20usb_device.cgi/buffer%20overflow%20in%20usb_folder%20of%20usb_device.cgi.md

Vulnerability Database

CVE-2025-52081