CVE-2018-21172
Description
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authenticated stack-based buffer overflow in several NETGEAR routers allows an attacker to achieve full system compromise.
Vulnerability
A stack-based buffer overflow vulnerability exists in the firmware of multiple NETGEAR router models. The flaw is triggered when an authenticated user sends a crafted request to the device's management interface. Affected models and the first patched firmware versions are: R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62 [1].
Exploitation
An attacker must first have valid administrative credentials to the router's web interface. With authenticated access, the attacker can send a specially crafted input that overflows a stack buffer. No user interaction beyond the initial authentication is required; the attack can be launched from the local network (adjacent access) [1].
Impact
Successful exploitation allows an attacker to execute arbitrary code on the device. This can lead to full compromise of the router, including disclosure of sensitive information, modification of device configuration, and potential use as a pivot point for further network attacks. The CVSS v3 vector indicates a high impact on confidentiality, integrity, and availability (CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) [1].
Mitigation
NETGEAR has released fixed firmware versions for all affected models: R7800 firmware 1.0.2.40, R9000 firmware 1.0.2.52, WNDR3700v4 firmware 1.0.2.92, WNDR4300 firmware 1.0.2.94, WNDR4300v2 firmware 1.0.0.50, WNDR4500v3 firmware 1.0.0.50, and WNR2000v5 firmware 1.0.0.62. Users are strongly advised to update to the latest firmware immediately [1]. No workarounds other than applying the patch have been disclosed.
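As an added example (not part of the advisory or NETGEAR's tooling), the following check compares an inventory of devices against the first fixed versions listed above. It assumes a `hostname,model,firmware` inventory format and four-field numeric firmware strings with an optional leading `V`; the sample inventory is constructed. Versions are compared field by field as integers, and models are matched exactly so that WNDR4300 and WNDR4300v2 are judged against their own thresholds.

```python
import re

# First fixed firmware per model, taken from the advisory text above.
FIRST_FIXED = {
    "R7800": "1.0.2.40",
    "R9000": "1.0.2.52",
    "WNDR3700V4": "1.0.2.92",
    "WNDR4300": "1.0.2.94",
    "WNDR4300V2": "1.0.0.50",
    "WNDR4500V3": "1.0.0.50",
    "WNR2000V5": "1.0.0.62",
}

def parse_version(text):
    """Turn 'V1.0.2.36' or '1.0.2.36' into (1, 0, 2, 36); None if malformed."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+){3})", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def assess(model, firmware):
    """Return 'vulnerable', 'fixed', 'not-listed' or 'unparsed' for one device."""
    # Exact model match: a prefix match would confuse WNDR4300 with WNDR4300v2.
    fixed = FIRST_FIXED.get(model.strip().upper())
    if fixed is None:
        return "not-listed"
    have = parse_version(firmware)
    if have is None:
        return "unparsed"  # surface for manual review rather than guessing
    # Tuple comparison is numeric per field, so 1.0.2.100 sorts after 1.0.2.52.
    return "vulnerable" if have < parse_version(fixed) else "fixed"

def audit(inventory_text):
    """Assess 'hostname,model,firmware' lines; returns a list of (host, status)."""
    results = []
    for line in inventory_text.strip().splitlines():
        host, model, firmware = (f.strip() for f in line.split(","))
        results.append((host, assess(model, firmware)))
    return results

# Constructed sample inventory (hostnames and versions are made up for the example).
SAMPLE = """
gw-lab,R7800,V1.0.2.36
gw-hq,R9000,1.0.2.100
ap-east,WNDR4300,1.0.2.60
ap-west,WNDR4300v2,1.0.2.60
gw-old,WNR2000v5,unknown
sw-core,GS108,1.0.0.1
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host}: {status}")
```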
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (8)
- NETGEAR/devices (description)
- Range: <1.0.0.50
- Range: <1.0.2.92
- Range: <1.0.0.50
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.