CVE-2017-18773
Description
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6100 before V1.0.0.55, D7800 before V1.0.1.24, EX6150v2 before 1.0.0.48, R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before V1.0.3.16, R7800 before V1.0.2.36, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.48.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authenticated command injection vulnerability in multiple NETGEAR devices allows attackers to execute arbitrary commands as root.
Vulnerability
A post-authentication command injection vulnerability exists in the web interface of multiple NETGEAR devices. An authenticated user can inject arbitrary operating system commands through a vulnerable input field. Affected models and firmware versions include: D6100 before V1.0.0.55, D7800 before V1.0.1.24, EX6150v2 before 1.0.0.48, R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before V1.0.3.16, R7800 before V1.0.2.36, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.48 [1].
Exploitation
An attacker must first obtain valid credentials for the device's web administration interface. Once authenticated, the attacker can send specially crafted HTTP requests to a vulnerable endpoint, injecting command-line syntax into a parameter that is later executed by the system shell. No additional user interaction is required beyond the initial authentication [1].
Impact
Successful exploitation allows the attacker to execute arbitrary commands with root privileges on the device. This leads to full compromise of confidentiality, integrity, and availability, including the ability to read sensitive data, modify device configuration, install malware, or disrupt network services. The CVSS v3 score is 6.7 (Medium) with a vector of AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H [1].
Mitigation
NETGEAR has released fixed firmware versions for all affected models. Users should update to the latest firmware as soon as possible: D6100 to V1.0.0.55, D7800 to V1.0.1.24, EX6150v2 to 1.0.0.48, R6100 to 1.0.1.14, R7500 to 1.0.0.110, R7500v2 to V1.0.3.16, R7800 to V1.0.2.36, WNDR4300v1 to 1.0.2.90, WNDR4300v2 to 1.0.0.48, WNDR4500v3 to 1.0.0.48, and WNR2000v5 to 1.0.0.48. No workarounds are provided; updating firmware is the only recommended mitigation [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
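One way to apply the fixed firmware versions listed under Mitigation to a device inventory, as an added example that is not part of the original page and is not NETGEAR tooling. The inventory rows are constructed, and the case-insensitive model match and the handling of a version suffix are assumptions.

```python
import re

# Fixed firmware versions, copied from the Mitigation text on this page.
FIXED = {
    "D6100": "V1.0.0.55", "D7800": "V1.0.1.24", "EX6150v2": "1.0.0.48",
    "R6100": "1.0.1.14", "R7500": "1.0.0.110", "R7500v2": "V1.0.3.16",
    "R7800": "V1.0.2.36", "WNDR4300v1": "1.0.2.90", "WNDR4300v2": "1.0.0.48",
    "WNDR4500v3": "1.0.0.48", "WNR2000v5": "1.0.0.48",
}
_BY_LOWER = {m.lower(): m for m in FIXED}  # assumption: inventories vary in case
_VERSION = re.compile(r"^[Vv]?(\d+(?:\.\d+)*)")

def parse_version(text):
    """Return the dotted version as a tuple of ints, or None if unparsable."""
    # Optional 'V' prefix accepted; anything after the dotted part is ignored (assumption).
    m = _VERSION.match(text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def assess(model, firmware):
    """Classify a device: 'vulnerable', 'fixed', 'not-listed' or 'unknown-version'."""
    key = _BY_LOWER.get(model.strip().lower())
    if key is None:
        return "not-listed"
    have = parse_version(firmware)
    if have is None:
        return "unknown-version"
    want = parse_version(FIXED[key])
    width = max(len(have), len(want))  # pad so 1.0.2 compares as 1.0.2.0
    have += (0,) * (width - len(have))
    want += (0,) * (width - len(want))
    return "vulnerable" if have < want else "fixed"

# Constructed inventory rows (model, reported firmware); not real devices.
INVENTORY = [
    ("R7500", "1.0.0.94"),     # below 1.0.0.110 numerically, above it as plain text
    ("R7800", "V1.0.2.36"),
    ("r7500v2", "V1.0.3.10"),
    ("OTHER-MODEL", "1.0.9.88"),
    ("D7800", "unknown"),
]

def audit(rows):
    """Return (model, firmware, status) for every inventory row."""
    return [(m, fw, assess(m, fw)) for m, fw in rows]

if __name__ == "__main__":
    for model, fw, status in audit(INVENTORY):
        print(f"{model:12} {fw:12} {status}")
```

Comparing the version fields as integers matters here: a plain string comparison would rank 1.0.0.94 above 1.0.0.110 and report an unpatched R7500 as fixed.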
Affected products
- NETGEAR/NETGEAR devices