CVE-2017-18791
Description
Certain NETGEAR devices are affected by CSRF. This affects R6050/JR6150 before 1.0.1.7, PR2000 before 1.0.0.17, R6220 before 1.1.0.50, WNDR3700v5 before 1.1.0.48, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, WNR1000v4 before 1.1.0.40, WNR2020 before 1.1.0.40, WNR2050 before 1.1.0.40, WNR614 before 1.1.0.40, WNR618 before 1.1.0.40, and D7000 before 1.0.1.50.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cross-site request forgery in multiple NETGEAR devices allows attackers to perform unauthorized actions via crafted requests.
Vulnerability
A cross-site request forgery (CSRF) vulnerability exists in several NETGEAR routers and modem-router combos. Affected models include R6050/JR6150 before 1.0.1.7, PR2000 before 1.0.0.17, R6220 before 1.1.0.50, WNDR3700v5 before 1.1.0.48, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, WNR1000v4 before 1.1.0.40, WNR2020 before 1.1.0.40, WNR2050 before 1.1.0.40, WNR614 before 1.1.0.40, WNR618 before 1.1.0.40, and D7000 before 1.0.1.50. The vulnerability allows an attacker to forge requests that are executed with the privileges of an authenticated user [1].
Exploitation
An attacker does not need authentication but must trick an authenticated user into clicking a malicious link or visiting a crafted web page while the user is logged into the device's web interface. The attacker can then submit arbitrary requests, such as changing administrative settings or modifying network configuration, without the user's knowledge [1].
Impact
Successful exploitation enables the attacker to perform any action the authenticated user can, including modifying device settings, enabling remote access, or exfiltrating sensitive information. The CVSS v3 score of 8.8 (High) reflects the potential for complete compromise of confidentiality, integrity, and availability [1].
Mitigation
NETGEAR has released firmware updates for all affected models. Users should upgrade to the fixed versions listed in the advisory: R6050/JR6150 to 1.0.1.7, PR2000 to 1.0.0.17, R6220 to 1.1.0.50, WNDR3700v5 to 1.1.0.48, JNR1010v2 to 1.1.0.40, JWNR2010v5 to 1.1.0.40, WNR1000v4 to 1.1.0.40, WNR2020 to 1.1.0.40, WNR2050 to 1.1.0.40, WNR614 to 1.1.0.40, WNR618 to 1.1.0.40, and D7000 to 1.0.1.50. No workarounds are provided; upgrading is the only recommended mitigation [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
- NETGEAR/R6050/JR6150
Patches (0)
No patches discovered yet.
References (1)