CVE-2017-18727
Description
Certain NETGEAR devices are affected by a stack-based buffer overflow that can be triggered by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A pre-authentication stack buffer overflow in several NETGEAR routers allows an unauthenticated attacker on the local network to execute arbitrary code.
Vulnerability
A stack-based buffer overflow exists in the pre-authentication code of multiple NETGEAR routers. The vulnerability affects the following models and firmware versions: D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42. An unauthenticated attacker can trigger the overflow by sending a specially crafted request to the device, without requiring any prior authentication or user interaction [1].
Exploitation
An attacker must be on the same local network (adjacent network) as the target device. No authentication is needed. The attacker sends a malicious network packet to a vulnerable service listening on the router. The packet contains data that overflows a stack buffer, overwriting critical memory regions. The attack does not require any user interaction or special privileges [1].
Impact
Successful exploitation allows the attacker to execute arbitrary code with high privileges (likely root). This leads to a full compromise of the device, including disclosure of sensitive information, modification of device configuration, and denial of service. The CVSS v3 score is 8.8 (High) with vector AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [1].
Mitigation
NETGEAR has released fixed firmware versions: D6200 firmware 1.1.00.24, R6700v2 firmware 1.1.0.42, R6800 firmware 1.1.0.42, and R6900v2 firmware 1.1.0.42. Users should download and install the latest firmware from the NETGEAR Support website. No workarounds are provided; updating to the patched version is the only mitigation [1]. This vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
- NETGEAR/D6200 (description)
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.