CVE-2017-18722
Description
Certain NETGEAR devices are affected by a stack-based buffer overflow that is exploitable by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A pre-authentication stack-based buffer overflow in several NETGEAR routers allows an unauthenticated attacker to crash the device or execute arbitrary code.
Vulnerability
A stack-based buffer overflow exists in the pre-authentication code of certain NETGEAR router models. Affected devices include the D6200 before firmware version 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42 [1]. The vulnerability can be triggered without any authentication, as it lies in a code path reachable before login.
Exploitation
An unauthenticated attacker on the same network (adjacent) can exploit this vulnerability by sending a specially crafted request to the affected device. No prior authentication or user interaction is required. The lack of access control to the vulnerable functionality allows the attacker to directly send malicious input that overflows the stack buffer [1].
Impact
Successful exploitation leads to a denial-of-service (device crash) or potentially arbitrary code execution with the privileges of the affected service. Given the pre-authentication nature, an attacker could gain a foothold on the device, potentially leading to full compromise of the router and the network it serves [1].
Mitigation
NETGEAR has released fixed firmware versions: D6200 firmware 1.1.00.24, R6700v2 firmware 1.1.0.42, R6800 firmware 1.1.0.42, and R6900v2 firmware 1.1.0.42 [1]. Users are strongly recommended to download and install the latest firmware from NETGEAR Support. There are no known workarounds other than applying the patch. This CVE is not listed in the CISA Known Exploited Vulnerabilities catalog as of publication.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
- NETGEAR/D6200 (source: description)
References