CVE-2018-21195

Vulnerability

A stack-based buffer overflow vulnerability exists in several NETGEAR devices, including D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62 [1]. The bug resides in an unspecified component that processes input from an authenticated user [1]. The issue is classified as a post-authentication stack overflow, meaning the vulnerable code path is only reachable after the attacker has already obtained valid credentials or authenticated to the device [1].

Exploitation

An attacker must first be authenticated to the affected device [1]. The exact sequence of steps to trigger the overflow is not detailed in available references, but the vulnerability is described as a stack-based buffer overflow [1]. The attack is executed over a local network (adjacent), as indicated by the CVSS vector (AV:A) [1]. The attacker requires high privileges (PR:H) and no user interaction (UI:N) [1].

Impact

Successful exploitation allows an attacker to achieve high impact on confidentiality, integrity, and availability (CVSS v3 Base Score 6.8, Medium) [1]. The attacker can potentially execute arbitrary code or cause a denial of service, leading to full compromise of the device [1]. The scope of the compromise is unchanged (S:U), meaning the attacker cannot pivot to other systems [1].

Mitigation

NETGEAR has released firmware updates to fix this vulnerability [1]. The fixed versions are: D6100 1.0.0.57, D7800 1.0.1.34, R6100 1.0.1.20, R7500v2 1.0.3.24, R7800 1.0.2.40, R9000 1.0.3.6, WNDR3700v4 1.0.2.92, WNDR4300 1.0.2.94, WNDR4300v2 1.0.0.50, WNDR4500v3 1.0.0.50, and WNR2000v5 1.0.0.62 [1]. Users should download and install the latest firmware from NETGEAR Support [1]. No workaround is provided for unpatched devices; upgrading is the only recommended action [1].