CVE-2017-18743

Vulnerability

An authentication bypass vulnerability exists in the web management interface of several NETGEAR routers. Affected models include R6300v2 before 1.0.4.8, R6400 before 1.0.1.20, R6700 before 1.0.1.20, R6900 before 1.0.1.20, R7000 before 1.0.7.10, R7100LG before V1.0.0.32, R7300DST before 1.0.0.52, R7900 before 1.0.1.16, R8000 before 1.0.3.36, R8300 before 1.0.2.94, R8500 before 1.0.2.94, WNDR3400v3 before 1.0.1.12, and WNR3500Lv2 before 1.2.0.40 [1]. The bug can be triggered without any prior authentication or special privileges.

Exploitation

An attacker who is on the same local network as the vulnerable device can send specially crafted requests to the router's management interface to bypass authentication [1]. No valid credentials or user interaction are required; the attacker only needs network-level access to the router's LAN interface.

Impact

Successful exploitation grants the attacker full administrative (root) access to the router. This leads to complete compromise of confidentiality, integrity, and availability of the device: the attacker can read configuration data, modify settings, install malicious firmware, or disrupt normal operation [1].

Mitigation

NETGEAR has released fixed firmware versions for all affected models as listed in the vulnerability section [1]. Users should immediately update to the latest firmware via the NETGEAR Support portal. No workaround is available other than applying the patch. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog as of this writing.