CVE-2018-21211

Vulnerability

A pre-authentication buffer overflow vulnerability (PSV-2017-2491) exists in the firmware of multiple NETGEAR routers and gateways. The affected models include D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. The vulnerability can be triggered without authentication, meaning no credentials are required to exploit the flaw. [1]

Exploitation

An unauthenticated attacker within the local network (adjacent network) can send a specially crafted packet to the vulnerable device to trigger the buffer overflow. No user interaction is required. The CVSS vector indicates high attack complexity (AC:L) and privileges none (PR:N), suggesting the attack is straightforward and requires no prior access. The exact sequence of steps is not publicly detailed, but it involves network-based exploitation over the local network. [1]

Impact

Successful exploitation allows the attacker to achieve arbitrary code execution on the device, leading to full compromise of confidentiality, integrity, and availability (CIA). The attacker gains high privileges, effectively taking complete control of the router or gateway. This can be used to intercept traffic, modify settings, launch further attacks, or disrupt device operation. [1]

Mitigation

NETGEAR has released fixed firmware versions for all affected models. Users should update to the latest firmware as soon as possible. The specific fixed versions are listed in the vulnerability section. There are no known workarounds; the only mitigation is to install the updated firmware. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. [1]