CVE-2018-21222
Description
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
NETGEAR routers and gateways are vulnerable to a pre-authentication buffer overflow, allowing unauthenticated attackers to execute arbitrary code.
Vulnerability
A pre-authentication buffer overflow vulnerability exists in several NETGEAR router and gateway models. The flaw lies in the firmware's handling of network requests and can be triggered without authentication. Affected devices include D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62 [1].
Exploitation
An unauthenticated attacker on the local network can send specially crafted packets to the vulnerable device during the pre-authentication phase, triggering a buffer overflow. No user interaction or credentials are required [1].
Impact
Successful exploitation allows the attacker to execute arbitrary code on the device, potentially gaining full control over the router or gateway. This can lead to disclosure of sensitive information, modification of network traffic, and denial of service [1].
Mitigation
NETGEAR has released firmware updates that fix the vulnerability. Users should download and install the latest firmware for their respective models from the NETGEAR Support website [1]. No workarounds are mentioned; applying the firmware update is the only mitigation.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4
- NETGEAR/NETGEAR devices (source: description)
Patches
No patches discovered yet.
References
1
News mentions
No linked articles in our index yet.