CVE-2018-21173
Description
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A stack-based buffer overflow in multiple NETGEAR routers allows authenticated users to cause denial of service or potentially execute arbitrary code.
Vulnerability
A stack-based buffer overflow vulnerability exists in the firmware of several NETGEAR router models. The flaw is triggered when an authenticated user sends a specially crafted request to the device's management interface. Affected models and fixed firmware versions are: R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62 [1].
Exploitation
An attacker must first obtain valid credentials for the router's administrative interface. With authenticated access, the attacker can send a malicious payload that overflows a stack buffer, potentially corrupting memory and altering program flow. No user interaction beyond authentication is required, and the attack can be launched from the local network (adjacent network) [1].
Impact
Successful exploitation allows the attacker to cause a denial of service (device crash) or potentially execute arbitrary code with root privileges on the affected router. The CVSS v3 score is 6.8 (Medium) with a vector of AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating high confidentiality, integrity, and availability impact [1].
Mitigation
NETGEAR has released fixed firmware versions for all affected models as listed in the Vulnerability section. Users should update to the latest firmware immediately via the NETGEAR Support website. No workarounds are available; the vulnerability is only remediated by applying the firmware update [1].
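Added example, not part of the original advisory or any NETGEAR tooling: a fleet check that compares inventoried firmware against the fixed versions listed above. It parses versions numerically, because a plain string comparison would rank 1.0.0.50 above 1.0.0.122, and it keeps hardware revisions such as WNDR4300 and WNDR4300v2 separate. The "hostname,model,firmware" inventory format, the hostnames, the optional "V" prefix and the "_" build suffix are assumptions.

```python
import re

# Fixed firmware versions from the advisory text above; anything lower is affected.
FIXED = {
    "R7500": "1.0.0.122", "R7800": "1.0.2.40", "R9000": "1.0.2.52",
    "WNDR3700V4": "1.0.2.92", "WNDR4300": "1.0.2.94", "WNDR4300V2": "1.0.0.50",
    "WNDR4500V3": "1.0.0.50", "WNR2000V5": "1.0.0.62",
}

def parse_version(text):
    """Return the leading dotted-numeric version as a tuple of ints, or None."""
    # Assumption: inventory strings may carry a "V" prefix and a "_build" suffix.
    m = re.match(r"\s*[Vv]?(\d+(?:\.\d+)+)", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def classify(model, firmware):
    """Return 'vulnerable', 'fixed', 'not-listed' or 'unparsed' for one device."""
    # Keep the hardware revision (v2, v4, ...) in the key: it selects the threshold.
    key = re.sub(r"[\s\-_]", "", model).upper()
    if key not in FIXED:
        return "not-listed"
    have = parse_version(firmware)
    if have is None:
        return "unparsed"  # surface for manual review instead of guessing
    return "vulnerable" if have < parse_version(FIXED[key]) else "fixed"

def audit(inventory_text):
    """Classify every 'hostname,model,firmware' line of an inventory export."""
    results = {}
    for line in inventory_text.strip().splitlines():
        host, model, firmware = (f.strip() for f in line.split(","))
        results[host] = classify(model, firmware)
    return results

# Constructed sample inventory (hostnames and firmware strings are made up).
SAMPLE = """\
gw-lab,R7500,V1.0.0.50
gw-office,R7800,V1.0.2.40
ap-floor2,WNDR4300,1.0.2.94
ap-floor3,WNDR4300v2,V1.0.0.48
gw-branch,R9000,V1.0.2.52_1.0.8
gw-home,R6400,V1.0.1.20
gw-old,WNR2000v5,unknown
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:10} {status}")
```

Devices reported as "unparsed" or "not-listed" are outside what this check can decide and need manual review against the advisory.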
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.