Unrated severity · NVD Advisory · Published Apr 27, 2020 · Updated Aug 5, 2024

CVE-2018-21154

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, and R7800 before 1.0.2.42.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authenticated command injection in multiple NETGEAR devices allows attackers to execute arbitrary commands with root privileges.

Vulnerability

A post-authentication command injection vulnerability exists in the web management interface of several NETGEAR gateways and routers. Affected models include D7800 (before firmware 1.0.1.34), DM200 (before 1.0.0.50), R6100 (before 1.0.1.22), R7500 (before 1.0.0.122), R7500v2 (before 1.0.3.26), and R7800 (before 1.0.2.42). The vulnerability is reachable only after a user has authenticated to the device's administrative interface [1].

Exploitation

An attacker must possess valid credentials for the device's web-based management interface. Once authenticated, the attacker can send specially crafted HTTP requests to inject arbitrary operating system commands through a vulnerable input parameter. No additional user interaction or network position beyond local network access is required [1].

Impact

Successful exploitation allows the attacker to execute arbitrary commands with root-level privileges on the affected device. This can lead to full compromise of the device, including disclosure of sensitive information, modification of device configuration, and potential use as a pivot point for further attacks on the local network [1].

Mitigation

NETGEAR has released fixed firmware versions for all affected models. Users should upgrade to the following versions or later: D7800 to 1.0.1.34, DM200 to 1.0.0.50, R6100 to 1.0.1.22, R7500 to 1.0.0.122, R7500v2 to 1.0.3.26, and R7800 to 1.0.2.42. No workarounds are available; updating the firmware is the only recommended mitigation [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

7

References

1
