CVE-2017-18762

Vulnerability

A pre-authentication command injection vulnerability exists in the web interface of several NETGEAR routers and gateways. The flaw allows an unauthenticated attacker to inject arbitrary operating system commands via specially crafted requests. Affected models and firmware versions include: D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6100 before 1.0.0.57, R6100 before 1.0.1.16, R6900P before 1.2.0.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58 [1].

Exploitation

An attacker must be on the same local network as the target device (adjacent network, CVSSv3 vector AV:A). No authentication or user interaction is required. The attacker sends a crafted HTTP request to a vulnerable endpoint on the device, injecting command-line arguments that are executed by the underlying operating system [1].

Impact

Successful exploitation allows the attacker to execute arbitrary commands with root privileges on the device. This can lead to full compromise of the router or gateway, including disclosure of sensitive information, modification of device configuration, and potential use as a pivot point for further network attacks [1].

Mitigation

NETGEAR has released fixed firmware versions for all affected models. Users should update to the latest firmware as soon as possible: D3600 to 1.0.0.68, D6000 to 1.0.0.68, D6100 to 1.0.0.57, R6100 to 1.0.1.16, R6900P to 1.2.0.22, R7000 to 1.0.9.10, R7000P to 1.2.0.22, R7100LG to 1.0.0.40, WNDR3700v4 to 1.0.2.88, WNDR4300v1 to 1.0.2.90, WNDR4300v2 to 1.0.0.48, WNDR4500v3 to 1.0.0.48, and WNR2000v5 to 1.0.0.58 [1]. No workarounds are available; updating firmware is the only mitigation.