Unrated severity · NVD Advisory · Published Apr 24, 2020 · Updated Aug 5, 2024

CVE-2017-18718

Description

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A pre-authentication stack overflow in multiple NETGEAR routers allows unauthenticated attackers to execute arbitrary code.

Vulnerability

A stack-based buffer overflow exists in the pre-authentication code path of several NETGEAR routers. The vulnerability affects the following models running firmware versions prior to the indicated fixed release: D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42. An unauthenticated attacker can trigger the overflow by sending a specially crafted packet to the device, as the vulnerable code is reachable without any prior authentication [1].

Exploitation

An attacker must be on the same network (adjacent) to exploit this vulnerability, as indicated by the CVSS vector (AV:A). No authentication or user interaction is required. The attacker sends a malicious network packet to the target device, which triggers the stack overflow in the pre-authentication processing logic [1].

Impact

Successful exploitation allows the attacker to achieve arbitrary code execution on the device. The CVSS v3 score of 8.8 (High) with impacts to Confidentiality, Integrity, and Availability all rated as High indicates that the attacker can gain full control of the affected router, potentially leading to data disclosure, device manipulation, or denial of service [1].

Mitigation

NETGEAR has released fixed firmware versions for all affected models: D6200 firmware version 1.1.00.24, R6700v2 firmware version 1.1.0.42, R6800 firmware version 1.1.0.42, and R6900v2 firmware version 1.1.0.42. Users should update to the latest firmware as soon as possible. No workarounds are provided; the only mitigation is applying the firmware update [1].
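
An added example, not part of the advisory or of NETGEAR's tooling: a Python check of a device inventory against the fixed firmware versions listed above. The firmware string format (optional `V` prefix, `_x.y.z` build suffix) and the inventory rows are assumptions constructed for illustration.

```python
import re

# Fixed firmware versions, taken from the advisory text above.
FIXED = {
    "D6200": "1.1.00.24",
    "R6700v2": "1.1.0.42",
    "R6800": "1.1.0.42",
    "R6900v2": "1.1.0.42",
}

def parse_version(text):
    """Return the leading dotted version as a tuple of ints.

    Assumption: strings may carry a 'V' prefix and a '_x.y.z' build suffix
    (e.g. 'V1.1.0.38_1.0.1'); only the part before the underscore is used.
    """
    m = re.match(r"\s*[Vv]?(\d+(?:\.\d+)+)", text)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    # Numeric components: '00' equals '0', and 100 sorts after 42.
    return tuple(int(p) for p in m.group(1).split("."))

def status(model, firmware):
    """Classify one device as 'vulnerable', 'fixed' or 'not-listed'."""
    # The hardware revision is part of the model: R6700 is not R6700v2.
    key = next((k for k in FIXED if k.lower() == model.strip().lower()), None)
    if key is None:
        return "not-listed"
    have, need = parse_version(firmware), parse_version(FIXED[key])
    # Pad to equal length so 1.1.0 compares as 1.1.0.0.
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    return "vulnerable" if have < need else "fixed"

# Constructed inventory rows (model, reported firmware), not real devices.
INVENTORY = [
    ("R6800", "V1.1.0.38_1.0.1"),
    ("R6700v2", "1.1.0.42"),
    ("D6200", "1.1.0.9"),
    ("r6900v2", "V1.1.0.100"),
    ("R6700", "1.0.1.22"),
]

def audit(rows):
    return [(m, fw, status(m, fw)) for m, fw in rows]

if __name__ == "__main__":
    for model, fw, result in audit(INVENTORY):
        print(f"{model:8} {fw:18} {result}")
```

A result of `not-listed` only means the model is absent from this advisory's affected list; it says nothing about other advisories.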

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4


References

1
