Unrated severity · NVD Advisory · Published Apr 28, 2020 · Updated Aug 6, 2024

CVE-2016-11055

Description

Certain NETGEAR devices are affected by CSRF. This affects CM400 before 2017-01-11, CM600 before 2017-01-11, D1500 before 2017-01-11, D500 before 2017-01-11, DST6501 before 2017-01-11, JNR1010v1 before 2017-01-11, JWNR2000Tv3 before 2017-01-11, JWNR2010v3 before 2017-01-11, PLW1000 before 2017-01-11, PLW1010 before 2017-01-11, WNR500 before 2017-01-11, WNR612v3 before 2017-01-11, N450 before 2017-01-11, and CG3000Dv2 before 2017-01-11.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CSRF vulnerability in multiple NETGEAR devices before firmware update 2017-01-11 allows attackers to change router settings via malicious scripts.

Vulnerability

A cross-site request forgery (CSRF) vulnerability exists in numerous NETGEAR devices, including CM400, CM600, D1500, D500, DST6501, JNR1010v1, JWNR2000Tv3, JWNR2010v3, PLW1000, PLW1010, WNR500, WNR612v3, N450, and CG3000Dv2, in firmware versions before 2017-01-11 [1]. The flaw allows an attacker to forge requests that execute unintended actions on the device.

Exploitation

An attacker can exploit this CSRF by tricking an authenticated administrator into visiting a malicious website or clicking a crafted link. If the victim is currently logged into the router's web interface, the attacker's script can automatically send requests to change device settings without the victim's knowledge [1]. The attacker needs no credentials and no network access of their own; the victim's active session is enough.

Impact

Successful exploitation enables the attacker to modify router configuration as if they were the administrator. For routers, this could allow remote access to the private network and compromise data confidentiality and integrity. For affected Powerline adapters (PLW1000, PLW1010), only adapter settings can be altered, not the private network [1].

Mitigation

NETGEAR has released firmware fixes for all affected models, available on the product support pages [1]. Users should update their device firmware to a version dated after 2017-01-11. For cable products like the N450 (CG3000Dv2), updates are distributed by the Internet service provider. No workaround is available other than applying the firmware update [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
