CVE-2018-21111

Vulnerability

A stack-based buffer overflow vulnerability exists in the firmware of multiple NETGEAR devices, including the D3600, D6000, D6100, R7800, R8900, R9000, WNDR3700v4, WNDR4300, WNDR4300v2, WNDR4500v3, and WNR2000v5. The bug is triggered after authentication and can be exploited by an attacker with valid credentials. The affected firmware versions are: D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.60, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.66 [1].

Exploitation

Exploitation requires an attacker to have authenticated access to the device, such as through the web interface. The attacker then sends a crafted request that overflows a stack buffer. The exact sequence of steps is not disclosed in the available references, but the authenticated nature of the bug implies a local network or compromised credential scenario [1].

Impact

Successful exploitation could allow the authenticated attacker to achieve remote code execution on the affected device, potentially gaining full control of the router or modem-router. This could lead to disclosure of network information, manipulation of traffic, or use of the device as a pivot point for further attacks [1].

Mitigation

NETGEAR has released firmware updates to fix this vulnerability. Affected users should upgrade to the latest firmware for their specific model. The fixed versions are: D3600 firmware 1.0.0.75, D6000 firmware 1.0.0.75, D6100 firmware 1.0.0.60, R7800 firmware 1.0.2.52, R8900 firmware 1.0.4.2, R9000 firmware 1.0.4.2, WNDR3700v4 firmware 1.0.2.102, WNDR4300 firmware 1.0.2.104, WNDR4300v2 firmware 1.0.0.58, WNDR4500v3 firmware 1.0.0.58, and WNR2000v5 firmware 1.0.0.66 [1]. NETGEAR strongly recommends updating as soon as possible.