CVE-2017-18712
Description
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D7800 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
NETGEAR routers allow an adjacent attacker to read arbitrary files; firmware updates fix eight model families.
Vulnerability
An arbitrary file read vulnerability exists in the web server of multiple NETGEAR router and gateway models. An attacker can read sensitive files from the device's filesystem without authentication. Affected models include: D7800 before firmware version 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48 [1].
Exploitation
An attacker must be on the same local network (adjacent access) to reach the vulnerable web interface. No authentication or user interaction is required. The attacker sends a crafted HTTP request to read arbitrary files from the device's filesystem [1].
Impact
Successful exploitation allows the attacker to read arbitrary files, leading to the disclosure of confidential information stored on the device (e.g., configuration files, credentials, or other sensitive data). The confidentiality of the device is compromised; the CVSS v3 base score is 6.5 (Medium) [1].
Mitigation
NETGEAR has released fixed firmware versions for all affected models: D7800 1.0.1.28, R6100 1.0.1.20, R7500 1.0.0.118, R7500v2 1.0.3.20, R7800 1.0.2.40, R9000 1.0.2.52, WNDR4300v2 1.0.0.48, and WNDR4500v3 1.0.0.48. Users should update to these versions as soon as possible [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
- NETGEAR/devices
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.