CVE-2018-21213
Description
Certain NETGEAR devices are affected by a buffer overflow exploitable by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Pre-authentication buffer overflow in multiple NETGEAR routers and gateways allows an unauthenticated, adjacent attacker to achieve code execution.
Vulnerability
A buffer overflow vulnerability exists in the pre-authentication code path of multiple NETGEAR routers and gateways [1]. The flaw affects the following models and firmware versions: D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50 [1]. No authentication is required to reach the vulnerable code path.
Exploitation
An unauthenticated attacker with network adjacency (i.e., within Wi-Fi range or on the same local network) can send a specially crafted packet to the vulnerable device [1]. No prior authentication or user interaction is required. The advisory does not detail the exact protocol or input vector, but the vulnerability is triggered before authentication, meaning the device processes attacker-controlled data during the initial handshake or setup phase [1].
Impact
Successful exploitation of the buffer overflow leads to arbitrary code execution on the affected device [1]. The CVSS v3 vector indicates a High impact on confidentiality, integrity, and availability (C:H/I:H/A:H) [1]. An attacker could gain full control of the device, potentially enabling traffic interception, device manipulation, or use of the router as a pivot point into the internal network.
Mitigation
NETGEAR has released fixed firmware versions for each affected model as listed in the advisory [1]. Users should download and install the latest firmware from NETGEAR Support as soon as possible [1]. No workarounds are provided; the vendor states the vulnerability persists until the firmware is updated. The advisory does not mention inclusion on CISA's KEV list.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- NETGEAR/NETGEAR devices