CVE-2017-18706

Vulnerability

A security misconfiguration vulnerability exists in multiple NETGEAR routers, including R6100 before 1.0.1.20, R7500 before 1.0.0.118, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.62. The incorrect configuration of security settings allows an attacker to impact device availability.

Exploitation

An unauthenticated attacker with network adjacency can exploit this vulnerability without any user interaction. The CVSS v3 vector (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) indicates low attack complexity and no required privileges. The exact exploitation steps are not detailed in the available references, but the adjacency requirement suggests the attacker must be on the same local network segment as the target device.

Impact

Successful exploitation leads to a high availability impact, potentially causing a denial of service on the affected router. There is no impact on confidentiality or integrity. The vulnerability is rated as Medium severity with a CVSS score of 6.5.

Mitigation

NETGEAR has released fixed firmware versions for all affected models: R6100 (1.0.1.20), R7500 (1.0.0.118), WNDR3700v4 (1.0.2.88), WNDR4300 (1.0.2.90), WNDR4300v2 (1.0.0.48), WNDR4500v3 (1.0.0.48), and WNR2000v5 (1.0.0.62). Users should download and install the latest firmware from the NETGEAR support website. No workarounds are listed for unpatched devices. [1]