CVE-2017-18751

Vulnerability

A stack-based buffer overflow vulnerability exists in the firmware of several NETGEAR routers and gateways. The flaw is triggered before authentication, meaning no login credentials are required to reach the vulnerable code path. Affected models and their fixed firmware versions are: D7800 before 1.0.1.28, R6100 before 1.0.1.16, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48 [1].

Exploitation

An unauthenticated attacker with network access to the affected device (adjacent network, as indicated by the CVSS vector AV:A) can exploit this vulnerability by sending a specially crafted packet. No user interaction or prior authentication is required. The exact sequence of steps is not publicly detailed, but the advisory confirms the overflow occurs pre-authentication [1].

Impact

Successful exploitation allows an attacker to execute arbitrary code on the device with elevated privileges, likely root. This leads to full compromise of confidentiality, integrity, and availability (CIA). The CVSS v3 score is 8.8 (High) with vector CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [1].

Mitigation

NETGEAR has released fixed firmware versions for all affected models as listed in the Vulnerability section. Users should download and install the latest firmware from the NETGEAR Support website. No workarounds are provided. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date [1].