CVE-2017-18735
Description
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JR6150 before 1.0.1.10, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, and R6900v2 before 1.2.0.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unauthenticated command injection in multiple NETGEAR routers and extenders allows attackers to execute arbitrary commands as root.
Vulnerability
CVE-2017-18735 is a pre-authentication command injection vulnerability affecting several NETGEAR devices. The issue exists in the firmware of JR6150 (before 1.0.1.10), PR2000 (before 1.0.0.18), R6050 (before 1.0.1.10), R6700v2 (before 1.2.0.4), R6800 (before 1.2.0.4), and R6900v2 (before 1.2.0.4). The vulnerability is reachable without authentication, requiring network adjacency [1].
Exploitation
An unauthenticated attacker within the same network as the targeted device (adjacent network) can exploit this vulnerability by sending crafted requests to the vulnerable firmware endpoints. No prior authentication or user interaction is needed [1].
Impact
Successful exploitation allows the attacker to execute arbitrary commands with root privileges on the affected device. This leads to full compromise of the device, enabling data disclosure, modification, or denial of service. The CVSS v3 score is 8.8 (High) with the vector AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [1].
Mitigation
NETGEAR has released fixed firmware versions for all affected models: JR6150 firmware 1.0.1.10, PR2000 firmware 1.0.0.18, R6050 firmware 1.0.1.10, R6700v2 firmware 1.2.0.4, R6800 firmware 1.2.0.4, and R6900v2 firmware 1.2.0.4. Users should download and install the latest firmware from NETGEAR Support to remediate the vulnerability [1].
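An added example (not from NETGEAR or from this page's source) that audits a device inventory against the fixed firmware versions listed above. The inventory rows and hostnames are constructed, and ignoring any suffix after the dotted version number (such as `_1.0.1`) is an assumption about how versions are reported.

```python
import re

# Fixed firmware versions per model, as listed in the mitigation text above.
FIXED = {
    "JR6150": "1.0.1.10", "PR2000": "1.0.0.18", "R6050": "1.0.1.10",
    "R6700V2": "1.2.0.4", "R6800": "1.2.0.4", "R6900V2": "1.2.0.4",
}

def parse_version(text):
    """Return the leading dotted-numeric part of a version string as ints."""
    # Assumption: an optional leading "V" and any trailing suffix are ignored.
    m = re.match(r"\s*[Vv]?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def status(model, version):
    """Classify one device as vulnerable, patched, not-listed or unknown-version."""
    key = model.strip().upper()
    # Exact model match only: an R6700 (v1) is not the R6700v2 named in the CVE.
    if key not in FIXED:
        return "not-listed"
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown-version"
    fixed = parse_version(FIXED[key])
    # Pad to equal length so 1.2.0 compares as 1.2.0.0.
    width = max(len(installed), len(fixed))
    installed += (0,) * (width - len(installed))
    fixed += (0,) * (width - len(fixed))
    return "vulnerable" if installed < fixed else "patched"

# Constructed sample inventory: (hostname, model, reported firmware version).
INVENTORY = [
    ("lobby-ap", "R6700v2", "V1.2.0.2"),
    ("lab-rtr", "JR6150", "1.0.1.9"),      # a string compare would rank this above 1.0.1.10
    ("branch-1", "R6800", "1.2.0.4_1.0.1"),
    ("home-office", "R6700", "1.0.1.22"),  # v1 hardware, not in this advisory
    ("kiosk", "PR2000", ""),               # version not reported
]

def audit(inventory):
    """Map each hostname to its status for CVE-2017-18735."""
    return {host: status(model, ver) for host, model, ver in inventory}

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host:12} {result}")
```

Devices reported as `unknown-version` need a manual check rather than being counted as patched.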
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- NETGEAR/devices
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.