CVE-2018-21196

Vulnerability

A stack-based buffer overflow vulnerability exists in the firmware of multiple NETGEAR router and gateway models. The flaw is triggered by a post-authentication operation, meaning the attacker must already have valid credentials. Affected devices include D6100 (before 1.0.0.57), R6100 (before 1.0.1.20), R7800 (before 1.0.2.40), R9000 (before 1.0.2.52), WNDR3700v4 (before 1.0.2.92), WNDR4300 (before 1.0.2.94), and WNR2000v5 (before 1.0.0.62) [1].

Exploitation

An attacker must possess valid authentication credentials for the affected device. With authenticated access, the attacker can send crafted input that overflows a stack buffer, potentially leading to control flow hijacking. The CVSS v3 vector indicates the attack vector is adjacent network (AV:A), the attack complexity is low (AC:L), and no user interaction is required (UI:N) [1]. The exact sequence of steps is not publicly detailed, but the vulnerability can be exploited without user interaction once authenticated.

Impact

Successful exploitation could allow an authenticated attacker to achieve arbitrary code execution with elevated privileges, leading to a full compromise of the device's confidentiality, integrity, and availability (CIA). The CVSS v3 score of 6.8 (Medium) reflects high impact on all CIA requirements [1]. The attacker could potentially read sensitive data, modify device configuration, or render the device inoperable.

Mitigation

NETGEAR released fixed firmware versions for all affected models. Users should upgrade to the latest firmware immediately: D6100 to 1.0.0.57, R6100 to 1.0.1.20, R7800 to 1.0.2.40, R9000 to 1.0.2.52, WNDR3700v4 to 1.0.2.92, WNDR4300 to 1.0.2.94, and WNR2000v5 to 1.0.0.62 [1]. No workarounds are documented; installation of the patched firmware is the only recommended remediation. This CVE is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.