CVE-2018-21192

Vulnerability

A stack-based buffer overflow vulnerability exists in the firmware of several NETGEAR routers and gateways. The flaw is triggered when an authenticated user sends a specially crafted request to a vulnerable service, leading to memory corruption. Affected models include D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62 [1].

Exploitation

An attacker must first authenticate to the device (e.g., via the web interface or SSH). After gaining valid credentials, the attacker can send a malicious payload that overflows a stack buffer, potentially overwriting critical data or return addresses. The exact attack vector is not publicly detailed, but the advisory confirms that the vulnerability is exploitable by an authenticated user [1].

Impact

Successful exploitation allows the attacker to execute arbitrary code on the device with elevated privileges (likely root). This can lead to full compromise of the router, including disclosure of network traffic, modification of settings, and use as a pivot point for further attacks. The CVSS v3 score is 6.8 (Medium) with vector AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating high confidentiality, integrity, and availability impact [1].

Mitigation

NETGEAR has released fixed firmware versions for all affected models. Users should update to the latest firmware as soon as possible: D6100 to 1.0.0.57, R6100 to 1.0.1.20, R7800 to 1.0.2.40, R9000 to 1.0.3.6, WNDR3700v4 to 1.0.2.92, WNDR4300 to 1.0.2.94, WNDR4300v2 to 1.0.0.50, WNDR4500v3 to 1.0.0.50, and WNR2000v5 to 1.0.0.62 [1]. No workarounds are provided; updating firmware is the only recommended mitigation. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog as of this writing.