CVE-2018-21193

Vulnerability

A stack-based buffer overflow vulnerability exists in the firmware of multiple NETGEAR routers and gateways. The flaw is triggered when an authenticated user sends a specially crafted request, leading to a stack overflow. Affected models include D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62 [1].

Exploitation

An attacker must first authenticate to the device's management interface. Once authenticated, the attacker can send a crafted input that exploits the stack-based buffer overflow. No user interaction beyond authentication is required. The vulnerability exists in the device's web interface or other authenticated services [1].

Impact

Successful exploitation could allow an authenticated attacker to cause a denial-of-service condition (device crash or reboot) or potentially execute arbitrary code with the privileges of the affected service. The CVSS v3 score is 6.8 (Medium) with vector AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating a high impact on confidentiality, integrity, and availability, though privileges required are high [1].

Mitigation

NETGEAR has released firmware fixes for all affected models. Users should update to the following or later versions: D6100 firmware 1.0.0.57, D7800 firmware 1.0.1.34, R6100 firmware 1.0.1.20, R7500 firmware 1.0.0.122, R7500v2 firmware 1.0.3.24, R7800 firmware 1.0.2.40, WNDR3700v4 firmware 1.0.2.92, WNDR4300 firmware 1.0.2.94, WNDR4300v2 firmware 1.0.0.50, WNDR4500v3 firmware 1.0.0.50, and WNR2000v5 firmware 1.0.0.62. The fixes were made available on or before the advisory publication date [1].