CVE-2017-18739

Vulnerability

A pre-authentication buffer overflow vulnerability exists in multiple NETGEAR router models. The affected devices include R6220 (versions before V1.1.0.50), R7800 (versions before V1.0.2.36), WNDR3400v3 (versions before 1.0.1.14), and WNDR3700v5 (versions before V1.1.0.48). The vulnerability is reachable without authentication, meaning no valid credentials or prior access are required [1].

Exploitation

An unauthenticated attacker can exploit this flaw from the local network segment. The attack does not require user interaction or any special privileges. By sending a specially crafted request to the affected device, the attacker triggers a buffer overflow condition [1].

Impact

Successful exploitation allows the attacker to execute arbitrary code with elevated privileges or cause a denial-of-service (device crash). The CVSS v3 score is 8.8 with a vector of CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating high impact on confidentiality, integrity, and availability [1].

Mitigation

NETGEAR has released fixed firmware versions for all affected models. Users should immediately update to the following versions or later: V1.1.0.50 for R6220, V1.0.2.36 for R7800, 1.0.1.14 for WNDR3400v3, and V1.1.0.48 for WNDR3700v5. The fixes are available via NETGEAR Support [1].