VU576779 Netgear httpd upgrade_check.cgi stack buffer overflow
https://www.kb.cert.org/vuls/id/576779

>Overview
>
>Multiple Netgear devices contain a stack buffer overflow in the httpd web server's handling of upgrade_check.cgi, which may allow for unauthenticated remote code execution with root privileges.
>Description
>
>Many Netgear devices contain an embedded web server, which is provided by the httpd process, to provide administrative capabilities. On multiple Netgear devices, this code fails to properly validate the header size provided to the upgrade_check.cgi handler. Despite copying the header to a fixed-size buffer on the stack, the vulnerable code copies an attacker-provided count of bytes from attacker-provided data. This allows for remote code execution by way of stack buffer overflow. This vulnerability is exacerbated by a number of issues:
>
> The httpd process runs with root privileges.
> Stack cookies, which can help prevent exploitation of stack buffer overflows, are not universally used in Netgear devices.
> Authentication is not required to reach the vulnerable code.
> The vulnerability occurs before Cross-Site Request Forgery (CSRF) token checking occurs.
> Target device fingerprinting can occur by visiting the /currentsetting.htm page on an affected device.
>
>Exploit code that targets 79 different Netgear devices is publicly available.

Security Advisory for Multiple Vulnerabilities on Some Routers, Mobile Routers, Modems, Gateways, and Extenders Answer | NETGEAR Support
https://nu.federati.net/url/271263

Time to update again...