VYPR
Unrated severity · NVD Advisory · Published Apr 23, 2020 · Updated Aug 5, 2024

CVE-2017-18737

Description

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

NETGEAR routers and extenders contain a pre-authentication command injection flaw allowing unauthenticated attackers to execute arbitrary commands.

Vulnerability

A pre-authentication command injection vulnerability exists in several NETGEAR router and extender models. This flaw allows an unauthenticated attacker to inject arbitrary commands via a specially crafted request. The affected devices include JNR1010v2 before firmware 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44 [1].

Exploitation

An attacker does not need authentication to exploit this vulnerability. The attacker must be on the same local network (adjacent) as the target device [1]. By sending a crafted HTTP request to the management interface, the attacker can trigger command injection. No user interaction is required [1].

Impact

Successful exploitation allows the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. This can lead to full compromise of the device, with high impact on confidentiality, integrity, and availability (C:H/I:H/A:H) [1].

Mitigation

NETGEAR has released firmware updates that fix this vulnerability for all affected models. Users should download and install the latest firmware from the NETGEAR Support website as soon as possible [1]. No workarounds are currently available; applying the patch is the only mitigation.
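Since patching is the only mitigation, the practical task is finding devices still below the fixed versions listed in the description. The following is an added example, not code from NETGEAR, NVD or this page: it checks a device inventory against those versions using numeric comparison. The inventory entries are constructed, and the handling of a leading "V" and a trailing suffix in firmware strings is an assumption about how versions may be reported.

```python
import re

# Fixed firmware versions, copied from the CVE-2017-18737 description.
FIXED = {
    "JNR1010V2": "1.1.0.44", "JR6150": "1.0.1.10", "JWNR2010V5": "1.1.0.44",
    "PR2000": "1.0.0.18", "R6050": "1.0.1.10", "R6220": "1.1.0.50",
    "R6700V2": "1.2.0.4", "R6800": "1.2.0.4", "R6900V2": "1.2.0.4",
    "WNDR3700V5": "1.1.0.48", "WNR1000V4": "1.1.0.44", "WNR2020": "1.1.0.44",
    "WNR2050": "1.1.0.44",
}

def parse_version(text):
    """'V1.1.0.44_1.0.1' or '1.1.0.44' -> (1, 1, 0, 44); None if unparseable.
    Assumption: an optional leading 'V' and anything after the dotted number
    are not part of the version being compared."""
    m = re.match(r"\s*[Vv]?(\d+(?:\.\d+)*)", text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def classify(model, firmware):
    """Return 'vulnerable', 'fixed', 'unknown-version' or 'not-listed'."""
    # The hardware revision is part of the model: R6700v2 is listed, R6700 is not.
    key = re.sub(r"[\s\-]", "", model).upper()
    fixed = FIXED.get(key)
    if fixed is None:
        return "not-listed"          # not named by this CVE; says nothing else
    have = parse_version(firmware)
    if have is None:
        return "unknown-version"     # treat as needing manual follow-up
    want = parse_version(fixed)
    width = max(len(have), len(want))
    pad = lambda v: v + (0,) * (width - len(v))
    return "vulnerable" if pad(have) < pad(want) else "fixed"

# Constructed inventory (model, reported firmware) for illustration only.
INVENTORY = [
    ("R6220", "1.1.0.9"),     # a string compare would rank this above 1.1.0.50
    ("r6700v2", "V1.2.0.4"),
    ("R6700", "1.0.1.22"),
    ("WNR2020", ""),
    ("JR6150", "1.0.1.10"),
]

def audit(inventory):
    return [(model, fw, classify(model, fw)) for model, fw in inventory]

if __name__ == "__main__":
    for model, fw, status in audit(INVENTORY):
        print(f"{model:12} {fw or '-':12} {status}")
```

A "not-listed" result only means the model is not named in this CVE's description.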

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
