CVE-2018-21179

Vulnerability

A stack-based buffer overflow vulnerability exists in certain NETGEAR devices when processed by an authenticated user. The bug affects the following models running firmware versions prior to the ones listed: D6100 before 1.0.0.57, D7800 before 1.0.1.30, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62 [1]. An authenticated user is able to provide a crafted input that overflows a stack buffer, corrupting adjacent memory.

Exploitation

An attacker must first authenticate to the affected device as a valid user. After gaining authenticated access, the attacker can send a specially crafted request to the vulnerable component, causing a stack buffer overflow [1]. No user interaction beyond authentication is required. The attacker must be present on the local network (adjacent) to reach the management interface.

Impact

Successful exploitation allows the attacker to corrupt stack memory, which can lead to arbitrary code execution with elevated privileges, potentially gaining full control of the device [1]. The CVSS v3 vector indicates high impact on confidentiality, integrity, and availability, though authentication is required [1].

Mitigation

NETGEAR has released fixed firmware versions for all affected models as of the advisory date. Users should upgrade to the latest firmware as indicated in the advisory: D6100 to 1.0.0.57, D7800 to 1.0.1.30, R7500 to 1.0.0.122, R7500v2 to 1.0.3.24, R7800 to 1.0.2.40, R9000 to 1.0.2.52, WNDR3700v4 to 1.0.2.92, WNDR4300 to 1.0.2.94, WNDR4300v2 to 1.0.0.50, WNDR4500v3 to 1.0.0.50, and WNR2000v5 to 1.0.0.62 [1]. No workaround is available; updating firmware is the sole mitigation [1].