CVE-2018-21201
Description
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authenticated users on the adjacent network can trigger a stack buffer overflow in multiple NETGEAR devices, leading to arbitrary code execution.
Vulnerability
A stack-based buffer overflow exists in the firmware of multiple NETGEAR routers and gateways, allowing authenticated users to cause a denial of service or execute arbitrary code. Affected devices include D6100, R6100, R7800, R9000, WNDR3700v4, WNDR4300, WNDR4300v2, WNDR4500v3, and WNR2000v5 running firmware versions prior to the fixes listed in the advisory [1].
Exploitation
Exploitation requires an authenticated user with administrative privileges on the device's web interface. The attacker must be on the same local network as the device (adjacent) and send specially crafted data to trigger the overflow. The exact sequence of steps is not publicly detailed, but the vulnerability is exploitable over the network from within the local network [1].
Impact
Successful exploitation allows an attacker to execute arbitrary code with high privileges, potentially leading to full device compromise. This can result in disclosure of sensitive information, modification of configurations, or denial of service. The CVSS v3 score is 6.8 (Medium) with vector AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H [1].
Mitigation
Fixed firmware versions have been released: D6100 1.0.0.57, R6100 1.0.1.20, R7800 1.0.2.40, R9000 1.0.2.52, WNDR3700v4 1.0.2.92, WNDR4300 1.0.2.94, WNDR4300v2 1.0.0.50, WNDR4500v3 1.0.0.50, and WNR2000v5 1.0.0.62 [1]. Users should update immediately; no workarounds are available.
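To apply the fixed-version list above to a device inventory, the following added example (not code from NETGEAR or from the cited advisory) compares each device's reported firmware numerically against the first fixed release for its model. The inventory rows and the version-string cleanup (a leading "V", an "_" suffix) are assumptions made for illustration.

```python
import re

# First fixed firmware per model, copied from the Mitigation paragraph.
# Keys are upper-cased so "WNDR4300v2" and "WNDR4300" stay distinct models.
FIXED = {
    "D6100": "1.0.0.57", "R6100": "1.0.1.20", "R7800": "1.0.2.40",
    "R9000": "1.0.2.52", "WNDR3700V4": "1.0.2.92", "WNDR4300": "1.0.2.94",
    "WNDR4300V2": "1.0.0.50", "WNDR4500V3": "1.0.0.50", "WNR2000V5": "1.0.0.62",
}

def parse_version(text):
    """Return a tuple of ints for a dotted version, or None if unparseable."""
    # Assumed cleanup: drop a leading "V" and anything after an underscore.
    core = text.strip().lstrip("Vv").split("_", 1)[0]
    if not re.fullmatch(r"\d+(\.\d+)*", core):
        return None
    return tuple(int(part) for part in core.split("."))

def status(model, firmware):
    """Classify one device: vulnerable, fixed, not-listed or unknown-version."""
    fixed = FIXED.get(model.strip().upper().replace(" ", ""))
    if fixed is None:
        return "not-listed"          # not covered by this CVE; says nothing else
    have = parse_version(firmware)
    if have is None:
        return "unknown-version"     # treat as needing manual review
    want = parse_version(fixed)
    width = max(len(have), len(want))
    have += (0,) * (width - len(have))
    want += (0,) * (width - len(want))
    # Integer comparison: 1.0.2.100 is newer than 1.0.2.94, unlike string order.
    return "vulnerable" if have < want else "fixed"

def triage(inventory):
    """Return (model, firmware, verdict) for every inventory row."""
    return [(m, fw, status(m, fw)) for m, fw in inventory]

# Constructed sample inventory (model, reported firmware); not real devices.
INVENTORY = [
    ("R7800", "V1.0.2.38"), ("R7800", "1.0.2.40"), ("WNDR4300", "1.0.2.100"),
    ("WNDR4300v2", "1.0.0.50_1.0.1"), ("WNDR4300v2", "1.0.0.48"),
    ("R7000", "1.0.9.88"), ("R9000", "unknown"),
]

if __name__ == "__main__":
    for model, fw, verdict in triage(INVENTORY):
        print(f"{model:12} {fw:16} {verdict}")
```
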
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
- NETGEAR/NETGEAR devices (description)
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.