CVE-2018-21185

Vulnerability

A stack-based buffer overflow vulnerability exists in the firmware of multiple NETGEAR devices when an authenticated user sends a specially crafted request. Affected models include D6100 (before 1.0.0.57), D7800 (before 1.0.1.34), R7500 (before 1.0.0.122), R7500v2 (before 1.0.3.24), R7800 (before 1.0.2.40), R9000 (before 1.0.2.52), WNDR3700v4 (before 1.0.2.92), WNDR4300 (before 1.0.2.94), WNDR4300v2 (before 1.0.0.50), WNDR4500v3 (before 1.0.0.50), and WNR2000v5 (before 1.0.0.62) [1].

Exploitation

An attacker must first authenticate to the device's web interface or management service. After authentication, the attacker can send a crafted request that triggers a stack buffer overflow. No user interaction beyond authentication is required; the attack can be launched from the local network (adjacent) as per the CVSS vector [1].

Impact

Successful exploitation allows an attacker to execute arbitrary code with elevated privileges, potentially leading to full compromise of the device. The CVSS v3 score is 6.8 (Medium) with vector AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating high impact on confidentiality, integrity, and availability [1].

Mitigation

NETGEAR has released firmware updates for all affected models. Users should update to the latest firmware versions as listed: D6100 to 1.0.0.57, D7800 to 1.0.1.34, R7500 to 1.0.0.122, R7500v2 to 1.0.3.24, R7800 to 1.0.2.40, R9000 to 1.0.2.52, WNDR3700v4 to 1.0.2.92, WNDR4300 to 1.0.2.94, WNDR4300v2 to 1.0.0.50, WNDR4500v3 to 1.0.0.50, and WNR2000v5 to 1.0.0.62 [1]. No workarounds are provided; updating firmware is the only mitigation.