CVE-2017-18798

Vulnerability

A security misconfiguration vulnerability exists in certain NETGEAR devices. The affected models are: R6700v2 before firmware version 1.1.0.38, R6800 before 1.1.0.38, D7000 before 1.0.1.50, and D1500 before 1.0.0.25. The exact nature of the misconfiguration is not detailed in the advisory, but it allows an attacker to compromise the device's security settings [1].

Exploitation

According to the CVSS vector provided in the advisory (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), exploitation requires local access to the device, but no privileges or user interaction. The attack complexity is low. Specific exploitation steps are not disclosed in the available references [1].

Impact

Successful exploitation could lead to complete compromise of the device, including high impact on confidentiality, integrity, and availability. An attacker could gain full control over the affected router or DSL modem [1].

Mitigation

NETGEAR has released firmware updates to fix this vulnerability. Users should update to the following versions or later: R6700v2 to 1.1.0.38, R6800 to 1.1.0.38, D7000 to 1.0.1.50, and D1500 to 1.0.0.25. The firmware can be downloaded from the NETGEAR Support website. No workarounds are mentioned [1].