VYPR
Unrated severity · NVD Advisory · Published Apr 21, 2020 · Updated Aug 5, 2024

CVE-2018-21144

Description

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects DM200 before 1.0.0.52, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.16, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A stack-based buffer overflow in multiple NETGEAR routers allows authenticated users to cause a denial of service or possibly execute arbitrary code via crafted input.

Vulnerability

A stack-based buffer overflow vulnerability exists in the firmware of multiple NETGEAR router models, including DM200, R7500, R7800, R8900, R9000, WNDR3700v4, WNDR4300, WNDR4300v2, WNDR4500v3, and WNR2000v5. The vulnerability can be triggered by an authenticated user sending specially crafted input, potentially leading to a crash or arbitrary code execution. Affected firmware versions are prior to 1.0.0.52 for DM200, 1.0.0.122 for R7500, 1.0.2.42 for R7800, 1.0.3.10 for R8900, 1.0.3.16 for R9000, 1.0.2.96 for WNDR3700v4, 1.0.2.98 for WNDR4300, 1.0.0.54 for WNDR4300v2, 1.0.0.54 for WNDR4500v3, and 1.0.0.64 for WNR2000v5 [1].

Exploitation

An attacker must first authenticate to the device with valid credentials. After authentication, the attacker can exploit the stack overflow by sending a crafted request or input to a vulnerable service on the router. Specific exploitation steps are not detailed in the available references, but the condition requires authenticated access and the ability to deliver malicious data to the affected code path [1].

Impact

Successful exploitation could allow the authenticated attacker to crash the device (denial of service) or potentially execute arbitrary code with the privileges of the affected process. The exact impact depends on the router model and firmware version, but a stack overflow could lead to control of the execution flow [1].

Mitigation

The vulnerability is fixed in the firmware versions listed. Users are strongly recommended to update to the latest firmware for their device: DM200 version 1.0.0.52, R7500 version 1.0.0.122, R7800 version 1.0.2.42, R8900 version 1.0.3.10, R9000 version 1.0.3.16, WNDR3700v4 version 1.0.2.96, WNDR4300 version 1.0.2.98, WNDR4300v2 version 1.0.0.54, WNDR4500v3 version 1.0.0.54, and WNR2000v5 version 1.0.0.64 [1]. No workarounds are provided in the advisory. If a device is no longer supported, upgrading to a supported model is recommended.
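To check a device inventory against the fixed versions listed above, the following added example (not part of the advisory or any NETGEAR tooling) compares installed firmware numerically, since a plain string comparison would rank 1.0.0.52 above 1.0.0.122. The accepted version formats, the status labels, and the sample inventory are assumptions made for illustration.

```python
import re

# Fixed firmware versions, copied from the advisory text on this page.
FIXED = {
    "DM200": "1.0.0.52", "R7500": "1.0.0.122", "R7800": "1.0.2.42",
    "R8900": "1.0.3.10", "R9000": "1.0.3.16", "WNDR3700V4": "1.0.2.96",
    "WNDR4300": "1.0.2.98", "WNDR4300V2": "1.0.0.54",
    "WNDR4500V3": "1.0.0.54", "WNR2000V5": "1.0.0.64",
}

def parse_version(text):
    """Parse 'V1.0.0.52' or '1.0.0.52' into a tuple of ints.

    Assumption: an optional leading 'V' and anything after the first
    dotted numeric group (such as a '_suffix') can be ignored.
    """
    m = re.match(r"\s*[Vv]?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def status(model, version):
    """Return 'vulnerable', 'fixed', or 'not-listed' for one device."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "not-listed"  # outside this advisory; says nothing about other CVEs
    have, need = parse_version(version), parse_version(fixed)
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))  # pad so 1.0 compares equal to 1.0.0.0
    need += (0,) * (width - len(need))
    return "vulnerable" if have < need else "fixed"

def triage(inventory):
    """Annotate (host, model, version) rows with their advisory status."""
    return [(h, m, v, status(m, v)) for h, m, v in inventory]

# Constructed sample inventory (hostnames and installed versions are made up).
INVENTORY = [
    ("gw-lab-1", "R7500", "V1.0.0.52"),     # 52 < 122 numerically
    ("gw-lab-2", "R7800", "1.0.2.42"),
    ("gw-lab-3", "wndr4300v2", "1.0.0.54"),
    ("gw-lab-4", "WNDR4300", "1.0.2.96"),   # fixed for WNDR3700v4, not WNDR4300
    ("gw-lab-5", "R7000", "1.0.9.88"),      # model not named in the advisory
]

if __name__ == "__main__":
    for row in triage(INVENTORY):
        print("{:9} {:11} {:10} {}".format(*row))
```

A `not-listed` result only means the model is not named in this advisory; it is not a statement that the device is unaffected by other issues.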

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4

Patches

0

No patches discovered yet.

References

1
