CVE-2017-18726
Description
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A pre-authentication stack-based buffer overflow in several NETGEAR routers allows an unauthenticated attacker to achieve full compromise of the device.
Vulnerability
A stack-based buffer overflow vulnerability exists in the pre-authentication code path of certain NETGEAR routers. The affected devices are the R6020, R6080, R6700v2, R6800, and R6900v2. For the R6020 and R6080, firmware versions prior to 1.0.0.30 are vulnerable; for the R6700v2, R6800, and R6900v2, firmware versions prior to 1.1.0.42 are vulnerable [1]. The vulnerability can be triggered remotely without requiring any authentication [1].
Exploitation
An unauthenticated attacker can exploit this vulnerability by sending a specially crafted packet to the affected device over the local network. No authentication, user interaction, or special privileges are required to reach the vulnerable code path. The exact sequence of steps is not publicly detailed, but the advisory confirms that the vulnerability is reachable prior to any authentication [1].
Impact
Successful exploitation overflows a stack buffer, which can lead to arbitrary code execution. The CVSS v3 vector (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates that a successful attack can result in complete compromise of confidentiality, integrity, and availability of the affected device [1]. There is no information suggesting privilege escalation beyond full device control.
Mitigation
NETGEAR has released fixed firmware versions to address this vulnerability: firmware version 1.0.0.30 for the R6020 and R6080, and firmware version 1.1.0.42 for the R6700v2, R6800, and R6900v2 [1]. Users should download and install the latest firmware from NETGEAR Support for their respective device model. No workarounds are provided; installing the fixed firmware is the only recommended mitigation [1].
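To apply the fixed-version thresholds above across a device inventory, the following added example (not part of the advisory or of NETGEAR's tooling) classifies each device by model and firmware string. The inventory format, including the optional "V" prefix and the "_x.y.z" suffix on version strings, is an assumption, and the sample inventory is constructed.

```python
import re

# Fixed firmware versions per model, taken from the advisory text above.
FIXED = {
    "R6020": (1, 0, 0, 30),
    "R6080": (1, 0, 0, 30),
    "R6700V2": (1, 1, 0, 42),
    "R6800": (1, 1, 0, 42),
    "R6900V2": (1, 1, 0, 42),
}

def parse_version(text):
    """Return the leading four-field dotted version as a tuple of ints, or None.

    Accepts an optional 'V' prefix and ignores any suffix after the four
    numeric fields (assumed inventory format, e.g. 'V1.1.0.38_1.0.1')."""
    m = re.match(r"\s*[Vv]?(\d+)\.(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(int(g) for g in m.groups()) if m else None

def normalize_model(text):
    """Upper-case and strip separators so 'r6700 v2' matches 'R6700V2'."""
    return re.sub(r"[\s_\-]", "", text or "").upper()

def assess(model, firmware):
    """Classify one device as 'vulnerable', 'fixed', 'not_listed' or 'unknown'."""
    fixed = FIXED.get(normalize_model(model))
    if fixed is None:
        return "not_listed"   # e.g. a plain R6700 (no v2) is not in the list above
    version = parse_version(firmware)
    if version is None:
        return "unknown"      # unparsable version string: needs manual review
    # Tuple comparison is numeric per field, so 1.0.0.9 sorts before 1.0.0.30.
    return "vulnerable" if version < fixed else "fixed"

# Constructed sample inventory (not real devices).
INVENTORY = [
    ("R6020", "V1.0.0.28"),
    ("R6080", "1.0.0.30"),
    ("r6700 v2", "V1.1.0.38_1.0.1"),
    ("R6700", "V1.0.1.48"),
    ("R6900v2", "n/a"),
    ("R6800", "V1.2.0.10"),
]

def audit(inventory=INVENTORY):
    """Return (model, firmware, status) for every inventory entry."""
    return [(m, fw, assess(m, fw)) for m, fw in inventory]

if __name__ == "__main__":
    for model, fw, status in audit():
        print(f"{model:10} {fw:18} {status}")
```

Devices reported as "unknown" or "not_listed" are not cleared by this check; they only fall outside what the version list on this page can decide.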
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- NETGEAR/R6020
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.