CVE-2017-18728

Vulnerability

A pre-authentication stack-based buffer overflow exists in multiple NETGEAR router models. The vulnerability affects the D6200 before firmware version 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42 [1]. An unauthenticated attacker can trigger the overflow by sending specially crafted network requests to the device.

Exploitation

An attacker must be on the same local network as the target device (adjacent network position) as the CVSS vector indicates AV:A. No authentication or user interaction is required (PR:N, UI:N). The attacker sends a maliciously crafted packet that exploits the stack overflow, potentially leading to code execution [1].

Impact

Successful exploitation allows an unauthenticated attacker to achieve high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). The attacker could execute arbitrary code on the affected router, potentially gaining full control over the device [1].

Mitigation

NETGEAR has released fixed firmware versions for all affected models: 1.1.00.24 for D6200, and 1.1.0.42 for R6700v2, R6800, and R6900v2. Users should download and install the latest firmware from NETGEAR Support immediately [1]. There is no known workaround.