CVE-2017-18841
Description
Certain NETGEAR devices are affected by command injection. This affects R6220 before 1.1.0.46, R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, WNDR3700v5 before 1.1.0.46, and D7000 before 1.0.1.50.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A command injection flaw in several NETGEAR devices (R6220, R6700v2, R6800, WNDR3700v5, D7000) allows authenticated high-privilege attackers to execute arbitrary commands.
Vulnerability
A command injection vulnerability exists in the firmware of certain NETGEAR devices, including the R6220, R6700v2, R6800, WNDR3700v5, and D7000 models. The flaw affects devices running firmware versions prior to 1.1.0.46 (R6220, WNDR3700v5), 1.1.0.38 (R6700v2, R6800), and 1.0.1.50 (D7000) [1]. The exact component within the firmware is not disclosed, but the vulnerability allows an attacker to inject arbitrary operating system commands.
Exploitation
An attacker must have local access to the device (AV:L) and possess high privileges (PR:H) to exploit this vulnerability. No user interaction is required (UI:N). The attacker can send specially crafted input to the vulnerable component, triggering command injection [1]. The CVSS vector indicates that the attack complexity is low (AC:L), making exploitation straightforward once the necessary access and privileges are obtained.
Impact
Successful exploitation allows the attacker to execute arbitrary commands with high privileges, leading to a full compromise of the device's confidentiality, integrity, and availability (C:H/I:H/A:H). This can result in complete device takeover, enabling data exfiltration, configuration changes, or denial of service [1].
Mitigation
NETGEAR has released firmware updates to address this vulnerability. Users should upgrade to the following fixed versions: R6220 to 1.1.0.46, R6700v2 to 1.1.0.38, R6800 to 1.1.0.38, WNDR3700v5 to 1.1.0.46, and D7000 to 1.0.1.50 [1]. No workarounds are available; installing the latest firmware is the only mitigation. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.
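The fixed-version thresholds above can be checked against a device inventory. The following is an added example, not code from NETGEAR or from this page's source. The inventory format (host, model, firmware string), the host names, and the tolerance for a leading "V" and a trailing "_build" suffix on firmware strings are assumptions. Versions are compared numerically, because a plain string comparison would rank 1.1.0.9 above 1.1.0.46.

```python
import re

# Fixed firmware versions per model, taken from the advisory text.
FIXED = {
    "r6220": (1, 1, 0, 46),
    "r6700v2": (1, 1, 0, 38),
    "r6800": (1, 1, 0, 38),
    "wndr3700v5": (1, 1, 0, 46),
    "d7000": (1, 0, 1, 50),
}

# Constructed sample inventory (host names and versions are illustrative).
INVENTORY = """\
edge-01,R6220,V1.1.0.9_1.0.1
edge-02,R6800,V1.1.0.38_1.0.1
edge-03,D7000,1.0.1.50
edge-04,r6700v2,V1.1.0.36
edge-05,R7000,V1.0.9.88
edge-06,WNDR3700v5,unknown
"""

def parse_version(raw):
    """Return the leading dotted version as a 4-tuple of ints, or None."""
    m = re.match(r"\s*[Vv]?(\d+(?:\.\d+){1,3})", raw)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def assess(model, raw_version):
    """Classify a device: vulnerable, fixed, not-listed or unknown."""
    fixed = FIXED.get(model.strip().lower())
    if fixed is None:
        return "not-listed"      # model is not named in this CVE
    have = parse_version(raw_version)
    if have is None:
        return "unknown"         # version unreadable: verify by hand
    return "vulnerable" if have < fixed else "fixed"

def audit(text):
    """Map each host in a CSV-style inventory to its status."""
    results = {}
    for line in text.splitlines():
        host, model, version = (f.strip() for f in line.split(",", 2))
        results[host] = assess(model, version)
    return results

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as "unknown" should be treated as unpatched until the firmware version is confirmed on the device itself.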
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
- NETGEAR/R6220
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.