CVE-2017-18716
Description
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A stack-based buffer overflow in multiple NETGEAR routers allows an unauthenticated attacker to achieve remote code execution via a crafted request.
Vulnerability
A stack-based buffer overflow vulnerability exists in the pre-authentication code path of several NETGEAR routers. The flaw affects the following models and firmware versions: D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42. An unauthenticated attacker can trigger the overflow by sending a specially crafted request to the device, as the vulnerable code is reachable without any prior authentication [1].
Exploitation
An attacker must be on the same network segment as the target device (adjacent network, CVSSv3 vector AV:A). No authentication or user interaction is required. The attacker sends a malicious network request that overflows a stack buffer, potentially corrupting adjacent memory and hijacking control flow. Exploitation does not require any special privileges or prior access [1].
Impact
Successful exploitation allows the attacker to execute arbitrary code on the device with root privileges. This results in a complete compromise of confidentiality, integrity, and availability (CVSSv3 base score 8.8, High). The attacker can install persistent backdoors, intercept network traffic, or use the device as a pivot point for further attacks [1].
Mitigation
NETGEAR has released fixed firmware versions: D6200 firmware 1.1.00.24, and R6700v2, R6800, and R6900v2 firmware 1.1.0.42. Users should download and install the latest firmware from the NETGEAR Support website. No workarounds are provided; updating to the patched version is the only mitigation. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (5)
- NETGEAR/devices (description)
Patches (0)
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (1)
News mentions (0)
No linked articles in our index yet.