CVE-2017-18801
Description
Certain NETGEAR devices are affected by command injection. This affects R6220 before 1.1.0.50, R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, WNDR3700v5 before 1.1.0.48, and D7000 before 1.0.1.50.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Multiple NETGEAR routers and DSL modems are affected by a command injection vulnerability that could allow an authenticated attacker to execute arbitrary commands.
Vulnerability
A command injection vulnerability exists in several NETGEAR devices, including the R6220 (prior to firmware version 1.1.0.50), R6700v2 (prior to 1.1.0.38), R6800 (prior to 1.1.0.38), WNDR3700v5 (prior to 1.1.0.48), and D7000 (prior to 1.0.1.50) [1]. The vulnerability is present in the firmware's web interface and allows an attacker who has already gained administrative access to inject operating system commands through a crafted request.
Exploitation
An attacker must first have administrative (high-privilege) credentials and be able to send crafted HTTP requests to the device's management interface [1]. The attacker can then inject arbitrary commands into a vulnerable input field, which the device will execute with root privileges. No user interaction beyond initial authentication is required.
Impact
Successful exploitation allows a local attacker with administrative access to execute arbitrary commands on the device, leading to full compromise of the router's operating system. The CVSS v3 score of 6.7 (Medium) reflects the high impact on confidentiality, integrity, and availability, offset by the high-privilege requirement, which limits exploitation to authenticated administrators [1].
Mitigation
NETGEAR has released fixed firmware versions for all affected products: R6220 firmware version 1.1.0.50, R6700v2 firmware version 1.1.0.38, R6800 firmware version 1.1.0.38, WNDR3700v5 firmware version 1.1.0.48, and D7000 firmware version 1.0.1.50 [1]. Users should update to the latest firmware via NETGEAR Support. No workaround is available, and there is no indication this CVE is listed on CISA's Known Exploited Vulnerabilities catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
- NETGEAR/R6220 (description)
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.