CVE-2018-21176
Description
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An authenticated stack-based buffer overflow in multiple NETGEAR routers and gateways allows an attacker to achieve arbitrary code execution.
Vulnerability
A stack-based buffer overflow vulnerability exists in multiple NETGEAR devices, including the D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. The vulnerability is triggered by an authenticated user, meaning that valid credentials or an authenticated session are required to reach the vulnerable code path [1].
Exploitation
An attacker must first obtain authentication credentials for the affected device (e.g., via credential theft or brute-force) and then send a specially crafted packet or request to the device. The attacker needs access to the local (adjacent) network and high privileges (authenticated access). The crafted payload overflows a stack buffer, corrupting adjacent memory [1].
Impact
Successful exploitation allows an attacker to achieve arbitrary code execution on the device, potentially leading to full compromise of confidentiality, integrity, and availability. The attack can lead to the disclosure or modification of sensitive data, or denial of service. The CVSS v3 vector indicates a high impact on confidentiality, integrity, and availability [1].
Mitigation
NETGEAR has released fixed firmware versions for all affected models: D6100 (1.0.0.57), R6100 (1.0.1.20), R7500 (1.0.0.122), R7800 (1.0.2.40), R9000 (1.0.2.52), WNDR3700v4 (1.0.2.92), WNDR4300 (1.0.2.94), WNDR4300v2 (1.0.0.50), WNDR4500v3 (1.0.0.50), and WNR2000v5 (1.0.0.62). Users are strongly advised to download and install the latest firmware for their device as soon as possible. No workaround is available other than applying the firmware update [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
- NETGEAR/devices
References