VYPR
Unrated severity · NVD Advisory · Published Apr 23, 2020 · Updated Aug 5, 2024

CVE-2017-18742

Description

Certain NETGEAR devices are affected by CSRF. This affects JR6150 before 1.0.1.10, R6050 before 1.0.1.10, R6250 before 1.0.4.12, R6300v2 before 1.0.4.8, R6700 before 1.0.1.16, R6900 before 1.0.1.16, R7300DST before 1.0.0.54, R7900 before 1.0.1.12, R8000 before 1.0.3.32, and R8500 before 1.0.2.74.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CSRF vulnerability in multiple NETGEAR routers allows attackers to perform unauthorized actions via crafted requests.

Vulnerability

This is a cross-site request forgery (CSRF) vulnerability affecting several NETGEAR router models. The vulnerability exists in the web management interface. Affected models include JR6150 (before 1.0.1.10), R6050 (before 1.0.1.10), R6250 (before 1.0.4.12), R6300v2 (before 1.0.4.8), R6700 (before 1.0.1.16), R6900 (before 1.0.1.16), R7300DST (before 1.0.0.54), R7900 (before 1.0.1.12), R8000 (before 1.0.3.32), and R8500 (before 1.0.2.74) [1]. The vulnerability allows an attacker to trick an authenticated administrator into executing unintended actions.

Exploitation

An attacker can exploit this CSRF vulnerability by crafting a malicious web page or link that, when visited by an authenticated administrator, triggers unauthorized actions on the router's management interface. The attacker does not need authentication but relies on the victim's active session. The attack requires user interaction (the victim must click the link or visit the page) and can be performed remotely over the network [1].

Impact

Successful exploitation allows an attacker to perform arbitrary actions on the affected router with the privileges of the authenticated administrator. This could include changing configuration settings, modifying firewall rules, or other administrative operations, potentially leading to full compromise of the device and network [1]. The CVSS v3 score is 8.8 (High) with vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating high impact on confidentiality, integrity, and availability [1].

Mitigation

NETGEAR has released firmware updates to fix this vulnerability. Users should update to the following versions or later: JR6150 to 1.0.1.10, R6050 to 1.0.1.10, R6250 to 1.0.4.12, R6300v2 to 1.0.4.8, R6700 to 1.0.1.16, R6900 to 1.0.1.16, R7300DST to 1.0.0.54, R7900 to 1.0.1.12, R8000 to 1.0.3.32, and R8500 to 1.0.2.74 [1]. No workarounds are mentioned; updating firmware is the recommended mitigation. The advisory was published in 2020, so patches have been available for some time.
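To apply the fixed-version list above to a device inventory, the following added example (not code from NETGEAR or the advisory) classifies each router by comparing its firmware numerically against the listed minimum. The hostnames, sample rows and the assumed firmware string format (`V1.0.4.12_10.1.46` or a bare `1.0.4.12`) are constructed for illustration.

```python
import re

# Minimum fixed firmware per model, taken from the advisory text above.
FIXED = {
    "JR6150": "1.0.1.10", "R6050": "1.0.1.10", "R6250": "1.0.4.12",
    "R6300v2": "1.0.4.8", "R6700": "1.0.1.16", "R6900": "1.0.1.16",
    "R7300DST": "1.0.0.54", "R7900": "1.0.1.12", "R8000": "1.0.3.32",
    "R8500": "1.0.2.74",
}

# Assumption: firmware strings look like "V1.0.4.12_10.1.46" or "1.0.4.12";
# only the leading four dotted fields are compared.
_VERSION = re.compile(r"^[Vv]?(\d+(?:\.\d+){3})(?:[_-].*)?$")
_MODELS = {m.upper(): m for m in FIXED}

def parse_version(text):
    """Return the four dotted fields as a tuple of ints, or None."""
    m = _VERSION.match(text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def classify(model, firmware):
    """Return 'vulnerable', 'fixed', 'not-listed' or 'unparseable'."""
    key = _MODELS.get(model.strip().upper())
    if key is None:
        return "not-listed"
    have = parse_version(firmware)
    if have is None:
        return "unparseable"
    # Tuple comparison is numeric per field, so 1.0.1.9 < 1.0.1.10.
    return "fixed" if have >= parse_version(FIXED[key]) else "vulnerable"

def audit(inventory):
    """Map each (host, model, firmware) row to its classification."""
    return {host: classify(model, fw) for host, model, fw in inventory}

# Constructed inventory rows (hostnames and versions are made up).
SAMPLE = [
    ("rtr-lobby", "R8000", "V1.0.3.4_1.1.2"),
    ("rtr-lab", "r6700", "1.0.1.9"),
    ("rtr-office", "R6250", "V1.0.4.12_10.1.46"),
    ("rtr-branch", "R7000", "V1.0.9.88"),
    ("rtr-attic", "R8500", "unknown"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

A `not-listed` result only means the model is not named in this advisory, and `unparseable` rows need a manual check rather than being treated as fixed.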

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

References

1
