CVE-2018-21097

Vulnerability

A stack-based buffer overflow vulnerability exists in the pre-authentication code of several NETGEAR wireless access points. An unauthenticated attacker can trigger this overflow by sending a specially crafted packet to the device. The affected models and the fixed firmware versions are: WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WAC120 before 2.1.7, WN604 before 3.3.10, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, and WND930 before 2.1.5 [1].

Exploitation

The vulnerability can be exploited remotely by an unauthenticated attacker who sends a malicious packet to the target device's management interface or wireless service. No prior access or credentials are required. The exact sequence of steps is not publicly detailed, but the advisory confirms that the overflow condition occurs before authentication, making the attack surface readily accessible [1].

Impact

Successful exploitation of the stack-based buffer overflow may allow the attacker to cause a denial of service by crashing the device, or potentially achieve arbitrary code execution with the privileges of the vulnerable service (likely root or system-level). This could lead to full compromise of the access point, enabling further attacks on the network [1].

Mitigation

NETGEAR has released fixed firmware versions for all affected models. Users should update to the latest firmware as soon as possible: WAC505 to 5.0.5.4, WAC510 to 5.0.5.4, WAC120 to 2.1.7, WN604 to 3.3.10, WNAP320 to 3.7.11.4, WNAP210v2 to 3.7.11.4, WNDAP350 to 3.7.11.4, WNDAP360 to 3.7.11.4, WNDAP660 to 3.7.11.4, WNDAP620 to 2.1.7, and WND930 to 2.1.5 [1]. No workarounds are available if the device cannot be patched. These devices are not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.