CVE-2018-21141

Vulnerability

A denial of service vulnerability exists in several NETGEAR router models. The affected devices include R6100 before firmware version 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64 [1]. The specific code path and conditions required to trigger the vulnerability are not detailed in the available reference.

Exploitation

The advisory does not specify the attack vector or prerequisites for exploitation. However, as a denial of service vulnerability, an attacker likely needs network access to the device, possibly from the local network or the WAN side, depending on the nature of the flaw. No authentication or user interaction is mentioned as required [1].

Impact

Successful exploitation leads to a denial of service condition, rendering the router unavailable or unresponsive. This disrupts network connectivity for all devices behind the affected router [1].

Mitigation

NETGEAR has released fixed firmware versions for all affected models. Users should update to the latest firmware as soon as possible. The fixed versions are: R6100 1.0.1.22, R7500 1.0.0.122, R7800 1.0.2.42, R8900 1.0.3.10, R9000 1.0.3.10, WNDR3700v4 1.0.2.96, WNDR4300 1.0.2.98, WNDR4300v2 1.0.0.54, WNDR4500v3 1.0.0.54, and WNR2000v5 1.0.0.64 [1]. No workarounds are provided; updating firmware is the recommended mitigation.