CVE-2017-18754
Description
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, and WNR2000v5 before 1.0.0.58.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authenticated command injection in multiple NETGEAR routers allows an attacker with admin privileges to execute arbitrary commands.
Vulnerability
A post-authentication command injection vulnerability exists in the firmware of several NETGEAR routers [1]. The flaw affects the following models and firmware versions: WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, and WNR2000v5 before 1.0.0.58 [1]. The vulnerability is reachable when an authenticated user submits crafted input that is improperly sanitized, allowing command injection [1].
Exploitation
An attacker must first authenticate to the router's administrative interface with valid credentials [1]. Once authenticated, the attacker can send specially crafted requests to the affected functionality, leading to command injection [1]. The attack vector is adjacent network (AV:A), requires high privileges (PR:H), and no user interaction (UI:N) [1]. The CVSS v3 vector is CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H [1].
Impact
A successful exploit allows the attacker to execute arbitrary commands on the affected device with root privileges [1]. This results in full compromise of confidentiality, integrity, and availability (CIA) of the router [1]. The attacker can read sensitive data, modify configuration, install malware, or disrupt services [1].
Mitigation
NETGEAR has released fixed firmware versions: 1.0.2.88 for WNDR3700v4, 1.0.2.90 for WNDR4300v1, and 1.0.0.58 for WNR2000v5 [1]. Users should download and install the latest firmware from NETGEAR's support site as soon as possible [1]. No workarounds are mentioned; applying the firmware update is the only recommended mitigation [1].
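The following is an added example, not part of the original advisory or NETGEAR's tooling: a small audit that flags inventory entries still below the fixed firmware versions listed above. The inventory rows, host names, and the tolerance for a leading "V" in version strings are assumptions; the comparison is numeric per component, because a plain string comparison would wrongly rank 1.0.2.9 above 1.0.2.88.

```python
import re

# Fixed firmware versions as stated in the advisory text for CVE-2017-18754.
FIXED = {
    "WNDR3700v4": "1.0.2.88",
    "WNDR4300v1": "1.0.2.90",
    "WNR2000v5": "1.0.0.58",
}

def parse_version(text):
    """Turn '1.0.2.88' (optionally 'V1.0.2.88', an assumed variant) into a tuple of ints."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognized firmware version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def status(model, version):
    """Return 'vulnerable', 'fixed', 'not-listed' or 'unknown-version'."""
    key = next((k for k in FIXED if k.lower() == model.strip().lower()), None)
    if key is None:
        return "not-listed"          # model is not named in this advisory
    try:
        current = parse_version(version)
    except ValueError:
        return "unknown-version"     # needs manual review, never assume fixed
    fixed = parse_version(FIXED[key])
    # Pad to equal length so that 1.0.1 is compared as 1.0.1.0.
    width = max(len(current), len(fixed))
    current += (0,) * (width - len(current))
    fixed += (0,) * (width - len(fixed))
    return "vulnerable" if current < fixed else "fixed"

def audit(inventory):
    """Annotate (host, model, version) rows with their status."""
    return [(h, m, v, status(m, v)) for h, m, v in inventory]

# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = [
    ("branch-gw-01", "WNDR3700v4", "1.0.2.9"),
    ("branch-gw-02", "WNDR4300v1", "V1.0.2.90"),
    ("lab-ap-07", "WNR2000v5", "1.0.0.34"),
]

if __name__ == "__main__":
    for host, model, version, result in audit(INVENTORY):
        print(f"{host:14} {model:11} {version:10} {result}")
```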
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
- NETGEAR/WNDR3700v4
- Range: <1.0.2.88
- Range: <1.0.2.90
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.