CVE-2018-21148

Vulnerability

A stack-based buffer overflow vulnerability exists in the firmware of multiple NETGEAR routers and gateways. The flaw is triggered when an authenticated user sends crafted input to a specific service or handler, causing the stack to overflow. Affected models include D7800 (before 1.0.1.34), DM200 (before 1.0.0.50), R6100 (before 1.0.1.22), R7500 (before 1.0.0.122), R7500v2 (before 1.0.3.26), R7800 (before 1.0.2.42), R8900 (before 1.0.3.10), R9000 (before 1.0.3.10), WNDR3700v4 (before 1.0.2.96), WNDR4300 (before 1.0.2.98), WNDR4300v2 (before 1.0.0.54), WNDR4500v3 (before 1.0.0.54), and WNR2000v5 (before 1.0.0.64) [1].

Exploitation

An attacker must first authenticate to the device. Once authenticated, the attacker can send specially crafted data (likely via a web interface or a management protocol) that exploits the stack overflow. The exact steps are not detailed in the available references, but the vulnerability is reachable after authentication is established [1].

Impact

Successful exploitation of the stack overflow may allow the attacker to crash the device (denial of service) or potentially achieve arbitrary code execution with elevated privileges, compromising the confidentiality, integrity, and availability of the device. The advisory does not provide deeper technical details on the privilege level obtained, but the impact is considered serious due to the widespread use of these devices in network environments [1].

Mitigation

NETGEAR has released firmware updates for all affected models. Users should update their devices to the latest firmware version as specified: D7800 to 1.0.1.34, DM200 to 1.0.0.50, R6100 to 1.0.1.22, R7500 to 1.0.0.122, R7500v2 to 1.0.3.26, R7800 to 1.0.2.42, R8900 to 1.0.3.10, R9000 to 1.0.3.10, WNDR3700v4 to 1.0.2.96, WNDR4300 to 1.0.2.98, WNDR4300v2 to 1.0.0.54, WNDR4500v3 to 1.0.0.54, and WNR2000v5 to 1.0.0.64. Firmware files are available via the NETGEAR Support website [1].