VYPR
Unrated severity · NVD Advisory · Published Apr 21, 2020 · Updated Aug 5, 2024

CVE-2017-18794

Description

Certain NETGEAR devices are affected by command injection. This affects R6300v2 before 1.0.4.8_10.0.77, R6400 before 1.0.1.24, R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R7900 before 1.0.1.18, R8000 before 1.0.3.54, R8500 before 1.0.2.100, and D6100 before 1.0.0.50_0.0.50.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A command injection vulnerability in multiple NETGEAR routers and gateways allows an unauthenticated attacker with local access to execute arbitrary commands.

Vulnerability

A command injection vulnerability exists in the firmware of several NETGEAR routers and gateways. This affects the following models and firmware versions: R6300v2 before 1.0.4.8_10.0.77, R6400 before 1.0.1.24, R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R7900 before 1.0.1.18, R8000 before 1.0.3.54, R8500 before 1.0.2.100, and D6100 before 1.0.0.50_0.0.50. The specific vulnerable component and conditions are not publicly detailed, but the flaw allows injection of operating system commands through a web management interface or other service [1].

Exploitation

Exploitation requires an attacker to have local network access to the affected device. The attacker does not need authentication, as the vulnerability can be triggered without valid credentials. By sending specially crafted input to a vulnerable endpoint (likely the web-based administration interface), the attacker can inject arbitrary commands that are executed with root or system-level privileges. The exact sequence of steps has not been disclosed [1].

Impact

Successful exploitation results in complete compromise of the device. An attacker can execute arbitrary commands with elevated privileges, leading to full confidentiality, integrity, and availability impact. This could allow an attacker to read sensitive data, modify device configuration, install malware, or render the device unusable [1].

Mitigation

NETGEAR has released fixed firmware versions for all affected models: R6300v2 version 1.0.4.8_10.0.77, R6400 version 1.0.1.24, R6700 version 1.0.1.26, R7000 version 1.0.9.10, R7100LG version 1.0.0.32, R7900 version 1.0.1.18, R8000 version 1.0.3.54, R8500 version 1.0.2.100, and D6100 version 1.0.0.50_0.0.50. Users should download and install the latest firmware from the NETGEAR Support website. No workaround is available if the firmware cannot be updated. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog as of publication [1].
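A defender can check a device inventory against the fixed versions listed above. The following is an added example, not code from NETGEAR or from this advisory; the inventory rows are constructed, and it assumes firmware version components order numerically from left to right, with `.` and `_` both acting as separators.

```python
import re

# Fixed firmware versions, copied from the advisory text above.
FIXED = {
    "R6300v2": "1.0.4.8_10.0.77",
    "R6400": "1.0.1.24",
    "R6700": "1.0.1.26",
    "R7000": "1.0.9.10",
    "R7100LG": "1.0.0.32",
    "R7900": "1.0.1.18",
    "R8000": "1.0.3.54",
    "R8500": "1.0.2.100",
    "D6100": "1.0.0.50_0.0.50",
}
_BY_MODEL = {m.upper(): v for m, v in FIXED.items()}

def parse_version(text):
    """Turn 'V1.0.4.8_10.0.77' into (1, 0, 4, 8, 10, 0, 77).
    Assumption: components compare numerically, so 64 < 100."""
    cleaned = text.strip().lstrip("Vv")
    if not re.fullmatch(r"\d+(?:[._]\d+)*", cleaned):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in re.split(r"[._]", cleaned))

def status(model, version):
    """Return 'vulnerable', 'fixed', 'not-listed' or 'unparsed'."""
    fixed = _BY_MODEL.get(model.strip().upper())
    if fixed is None:
        return "not-listed"  # model or hardware revision not named in the advisory
    try:
        running = parse_version(version)
    except ValueError:
        return "unparsed"  # needs manual review, do not assume it is safe
    return "vulnerable" if running < parse_version(fixed) else "fixed"

# Constructed sample inventory: (model, reported firmware version).
INVENTORY = [
    ("R7000", "V1.0.7.12_1.2.5"),
    ("r6300v2", "1.0.4.8_10.0.77"),
    ("R8500", "1.0.2.64"),
    ("R6400v2", "1.0.2.18"),
    ("D6100", "unknown"),
]

def audit(inventory=INVENTORY):
    return [(m, v, status(m, v)) for m, v in inventory]

if __name__ == "__main__":
    for model, version, result in audit():
        print(f"{model:10} {version:20} {result}")
```

The R8500 row shows why a plain string comparison is unsafe here: `"1.0.2.64"` sorts after `"1.0.2.100"` lexically, yet it is the older, affected build.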

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 4

References: 1
