CVE-2017-18786
Description
Certain NETGEAR devices are affected by command injection. This affects D6200 before 1.1.00.24, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6050 before 1.0.1.12, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Multiple NETGEAR routers are vulnerable to command injection before specific firmware versions, allowing local attackers to execute arbitrary commands.
Vulnerability
A command injection vulnerability exists in several NETGEAR router models, including D6200, JNR1010v2, JR6150, JWNR2010v5, PR2000, R6050, WNR1000v4, WNR2020, and WNR2050. The affected firmware versions are prior to 1.1.00.24 for D6200, 1.1.0.44 for JNR1010v2, 1.0.1.12 for JR6150, 1.1.0.44 for JWNR2010v5, 1.0.0.20 for PR2000, 1.0.1.12 for R6050, 1.1.0.44 for WNR1000v4, 1.1.0.44 for WNR2020, and 1.1.0.44 for WNR2050 [1]. The bug resides in an unspecified component and can be triggered without authentication, as per the CVSS vector [1].
Exploitation
An attacker with local access (AV:L) can exploit the vulnerability by sending specially crafted input to a vulnerable interface. No user interaction or privileges are required (PR:N, UI:N) [1]. The command injection allows the attacker to execute arbitrary operating system commands on the device. The exact attack vector or parameter used for injection is not detailed in the available references.
Impact
Successful exploitation results in complete compromise of confidentiality, integrity, and availability (C:H/I:H/A:H) [1]. The attacker gains the ability to execute arbitrary commands with the privileges of the affected service, potentially leading to full device control, data exfiltration, or denial of service.
Mitigation
NETGEAR has released fixed firmware versions for all affected models, as listed in their security advisory [1]. Users should upgrade to the following firmware versions or later: D6200 to 1.1.00.24, JNR1010v2 to 1.1.0.44, JR6150 to 1.0.1.12, JWNR2010v5 to 1.1.0.44, PR2000 to 1.0.0.20, R6050 to 1.0.1.12, WNR1000v4 to 1.1.0.44, WNR2020 to 1.1.0.44, and WNR2050 to 1.1.0.44 [1]. No workarounds are provided. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (10)
- NETGEAR/D6200 (source: description)
- Range: <1.1.0.44
Patches
No patches discovered yet.
References
- [1] kb.netgear.com/000049529/Security-Advisory-for-Command-Injection-on-Some-Routers-PSV-2017-2949 (mitre, x_refsource_CONFIRM)