CVE-2017-18698
Description
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6100 before 1.0.1.20, R7800 before 1.0.2.40, and R9000 before 1.0.2.52.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
NETGEAR R6100, R7800, and R9000 routers have a post-authentication stack-based buffer overflow allowing an authenticated attacker to execute arbitrary code.
Vulnerability
A stack-based buffer overflow vulnerability exists in certain NETGEAR routers when an authenticated user sends a crafted request. The affected models and firmware versions are: R6100 before 1.0.1.20, R7800 before 1.0.2.40, and R9000 before 1.0.2.52 [1]. The vulnerability is reachable after successful authentication, meaning the attacker must have valid credentials or have obtained access to the admin interface.
Exploitation
An attacker with authenticated access to the router's management interface can trigger the overflow by sending a specially crafted request. No user interaction is required beyond the initial authentication. According to the CVSS vector, the attack vector is the adjacent network (AV:A) and the authenticated user must hold high privileges (PR:H) [1]. The advisory does not publicly detail the exact sequence of steps, but the vulnerability is a stack overflow that can be triggered via a network request to the router's web or management interface.
Impact
Successful exploitation allows an authenticated attacker to achieve arbitrary code execution with the privileges of the vulnerable process. The CVSS v3.0 score is 6.8 (High) with the vector AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating a complete compromise of confidentiality, integrity, and availability (C:H/I:H/A:H) within the affected system [1]. The attacker can gain full control of the device, potentially leading to further network compromise.
Mitigation
NETGEAR has released fixed firmware versions to address this vulnerability: R6100 firmware version 1.0.1.20, R7800 firmware version 1.0.2.40, and R9000 firmware version 1.0.2.52 [1]. Users should download and install the latest firmware from NETGEAR Support as soon as possible. The advisory states that the vulnerability remains if the recommended steps are not completed [1]. There are no workarounds other than applying the firmware update.
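As an added example (not part of the advisory or any NETGEAR tooling), the following script checks a device inventory against the fixed firmware versions listed above. The inventory rows, the firmware string format (optional `V` prefix, `_` build suffix) and the function names are assumptions.

```python
import re

# Fixed firmware versions per model, taken from the advisory text above.
FIXED = {
    "R6100": (1, 0, 1, 20),
    "R7800": (1, 0, 2, 40),
    "R9000": (1, 0, 2, 52),
}

def parse_version(raw):
    """Return a four-field firmware version as a tuple of ints, or None.

    Assumption: strings may carry a 'V' prefix and a '_' build suffix;
    anything that is not exactly four dotted numeric fields is rejected.
    """
    m = re.match(r"\s*[Vv]?(\d+(?:\.\d+){3})(?!\.?\d)", raw or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def assess(model, firmware):
    """Classify a device: 'vulnerable', 'fixed', 'unknown' or 'not_listed'."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "not_listed"   # model is not named in this CVE
    version = parse_version(firmware)
    if version is None:
        return "unknown"      # never report an unparseable version as safe
    # Tuple comparison is numeric per field, so 1.0.1.9 < 1.0.1.20.
    return "vulnerable" if version < fixed else "fixed"

def triage(inventory):
    """Return (model, firmware, status) for every inventory row."""
    return [(m, fw, assess(m, fw)) for m, fw in inventory]

# Constructed sample inventory, not real devices.
INVENTORY = [
    ("R7800", "V1.0.2.38"),
    ("R7800", "V1.0.2.40"),
    ("r9000", "1.0.2.52_1.0.1"),
    ("R6100", "V1.0.1.9"),
    ("R6100", "n/a"),
    ("RX0000", "V1.0.0.1"),   # hypothetical model outside the advisory
]

if __name__ == "__main__":
    for model, fw, status in triage(INVENTORY):
        print(f"{model:8} {fw:18} {status}")
```

Rows reported as `unknown` need a manual check of the firmware page rather than being treated as patched.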
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4
- NETGEAR/devices (description)