CVE-2018-21197

Vulnerability

A stack-based buffer overflow vulnerability exists in several NETGEAR router and gateway models when processing requests from an authenticated user. Affected devices and firmware versions include D7800 before 1.0.1.34, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62 [1]. The vulnerability requires the attacker to already have valid credentials for the device's administrative interface.

Exploitation

An attacker must first authenticate to the affected NETGEAR device with valid administrative credentials. The attacker then sends a specially crafted request that triggers a stack-based buffer overflow in the device's firmware. No user interaction from legitimate administrators is required beyond the attacker's own initial authentication [1].

Impact

Successful exploitation allows an authenticated attacker to execute arbitrary code on the device with elevated privileges. This can lead to full compromise of the router or gateway, including disclosure of sensitive information, modification of configuration, and denial of service. The CVSS v3 score is 6.8 (Medium), with a vector of AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating high impact on confidentiality, integrity, and availability despite requiring high privileges and local network access [1].

Mitigation

NETGEAR has released fixed firmware versions for all affected models: D7800 1.0.1.34, R6100 1.0.1.22, R7500 1.0.0.122, R7500v2 1.0.3.26, R7800 1.0.2.40, R9000 1.0.2.52, WNDR3700v4 1.0.2.92, WNDR4300 1.0.2.94, WNDR4300v2 1.0.0.50, WNDR4500v3 1.0.0.50, and WNR2000v5 1.0.0.62. Users are strongly advised to update to the latest firmware via NETGEAR Support [1].