CVE-2018-21215
Description
Certain NETGEAR devices are affected by a buffer overflow that can be triggered by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, EX2700 before 1.0.1.28, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, and WN3100RPv2 before 1.0.0.56.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Multiple NETGEAR devices (routers, gateways, extenders) are vulnerable to a pre-authentication buffer overflow that allows an unauthenticated attacker within Wi-Fi range to execute arbitrary code.
Vulnerability
The vulnerability is a pre-authentication buffer overflow affecting multiple NETGEAR product lines. It resides in the firmware of the following devices and versions: D3600 and D6000 prior to 1.0.0.67, D6100 prior to 1.0.0.56, EX2700 prior to 1.0.1.28, R7500v2 prior to 1.0.3.24, R9000 prior to 1.0.2.52, WN2000RPTv3 prior to 1.0.1.20, WN3000RPv3 prior to 1.0.2.50, and WN3100RPv2 prior to 1.0.0.56 [1]. No authentication is required to trigger the overflow.
Exploitation
An attacker must be within Wi-Fi range of the affected device (network adjacency). The attacker sends a crafted network packet to the device before any authentication occurs. No user interaction is required, and no privileged access is needed. The advisory does not disclose the exact sequence of steps but confirms the overflow is triggered by an unauthenticated, adjacent attacker [1].
Impact
Successful exploitation leads to arbitrary code execution on the device. The CVSS vector (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) rates the impact on confidentiality, integrity, and availability as high in all three categories [1]. The attacker gains complete control over the vulnerable device.
Mitigation
NETGEAR has released fixed firmware for all affected models: D3600 and D6000 version 1.0.0.67, D6100 version 1.0.0.56, EX2700 version 1.0.1.28, R7500v2 version 1.0.3.24, R9000 version 1.0.2.52, WN2000RPTv3 version 1.0.1.20, WN3000RPv3 version 1.0.2.50, and WN3100RPv2 version 1.0.0.56 [1]. These updates should be downloaded and installed from NETGEAR Support. No workarounds are mentioned; the only mitigation is to apply the firmware patch [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (9)
- Range: <1.0.0.56
- Range: <1.0.2.50
- Range: <1.0.1.20
References