CVE-2017-18852
Description
Certain NETGEAR devices are affected by CSRF and authentication bypass. This affects R7300DST before 1.0.0.54, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and WNDR3400v3 before 1.0.1.14.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
NETGEAR devices R7300DST, R8300, R8500, and WNDR3400v3 are vulnerable to CSRF and authentication bypass before specific firmware versions.
Vulnerability
A cross-site request forgery (CSRF) and authentication bypass vulnerability exists in multiple NETGEAR router models. Affected devices and firmware versions are: R7300DST before 1.0.0.54, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and WNDR3400v3 before 1.0.1.14 [1]. The exact vulnerable component is not detailed in the available references, but the vulnerability allows an attacker to bypass authentication and perform unauthorized actions via CSRF.
Exploitation
According to the advisory, the vulnerability can be exploited by an attacker with local access to the network (CVSSv3 vector AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) [1]. No user interaction is required for exploitation. The attacker would need to craft a malicious request that targets the router’s web interface, exploiting the CSRF and authentication bypass to perform actions without proper credentials.
Impact
Successful exploitation could allow an attacker to gain high-level access to the affected router, leading to complete compromise of confidentiality, integrity, and availability [1]. The CVSSv3 score is 8.4 (High), indicating significant potential for harm, including unauthorized configuration changes, data disclosure, or denial of service.
Mitigation
NETGEAR has released fixed firmware versions: 1.0.0.54 for R7300DST, 1.0.2.100_1.0.82 for R8300 and R8500, and 1.0.1.14 for WNDR3400v3 [1]. Users are strongly advised to update to these or later versions as soon as possible. No workarounds are provided, and unpatched devices remain vulnerable.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
- NETGEAR/R7300DST (description)
- Range: < 1.0.1.14
Patches
No patches discovered yet.
References