CVE-2017-18766
Description
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects DST6501 before 1.1.0.6 and WNR2000v2 before 1.2.0.8.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An arbitrary file read vulnerability in NETGEAR DST6501 and WNR2000v2 allows an unauthenticated adjacent attacker to read sensitive files.
Vulnerability
An arbitrary file read vulnerability exists in NETGEAR DST6501 firmware versions prior to 1.1.0.6 and WNR2000v2 firmware versions prior to 1.2.0.8 [1]. The vulnerability allows an attacker to read arbitrary files from the device, though the specific component or file path is not disclosed in the advisory [1].
Exploitation
An attacker can exploit this vulnerability from an adjacent network (AV:A) without authentication (PR:N) and without user interaction (UI:N) [1]. The attack complexity is low (AC:L) [1]. The attacker must be within wireless range or on the same local network to send crafted requests that trigger the file read [1].
Impact
Successful exploitation enables an attacker to read arbitrary files on the device, potentially exposing sensitive information such as configuration files, credentials, or other data [1]. The CVSS v3 score of 8.8 (High) with a vector of CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H indicates that the vulnerability could also lead to high integrity and availability impacts, though the primary described impact is file read [1].
Mitigation
NETGEAR has released fixed firmware versions: DST6501 firmware version 1.1.0.6 and WNR2000v2 firmware version 1.2.0.8 [1]. Users should update to these versions or later by downloading the latest firmware from NETGEAR Support [1]. No workarounds are provided, and the vulnerability is not listed on CISA KEV as of the publication date [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 0
No patches discovered yet.
References: 1
News mentions: 0
No linked articles in our index yet.