CVE-2018-21175

Vulnerability

A stack-based buffer overflow vulnerability exists in the firmware of multiple NETGEAR routers and gateways. The affected models include D6100 (before 1.0.0.57), R6100 (before 1.0.1.20), R7800 (before 1.0.2.40), R9000 (before 1.0.2.52), WNDR3700v4 (before 1.0.2.92), WNDR4300 (before 1.0.2.94), WNDR4300v2 (before 1.0.0.50), WNDR4500v3 (before 1.0.0.50), and WNR2000v5 (before 1.0.0.62) [1]. The vulnerability is triggered after authentication, meaning the attacker must have valid credentials to exploit it.

Exploitation

An authenticated user can exploit this vulnerability by sending a specially crafted request to the device over the network. The attacker requires network adjacency (local network access) and valid administrative credentials. No user interaction is needed beyond the initial authentication. The crafted request causes a stack overflow, leading to code execution [1].

Impact

Successful exploitation allows the attacker to execute arbitrary code on the device with elevated privileges. This can result in full compromise of the router, including disclosure of sensitive information, modification of device configuration, and denial of service. The CVSS v3 score is 6.8 (Medium) with vector AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating high impact on confidentiality, integrity, and availability [1].

Mitigation

NETGEAR has released firmware updates that fix this vulnerability. Users should upgrade to the following versions or later: D6100 1.0.0.57, R6100 1.0.1.20, R7800 1.0.2.40, R9000 1.0.2.52, WNDR3700v4 1.0.2.92, WNDR4300 1.0.2.94, WNDR4300v2 1.0.0.50, WNDR4500v3 1.0.0.50, and WNR2000v5 1.0.0.62 [1]. No workarounds are available; applying the firmware update is the only mitigation. The advisory credits mongo on Bugcrowd for reporting the issue [1].