CVE-2018-21229
Description
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R7500v2 before 1.0.3.20, R7800 before 1.0.2.38, WN3000RPv3 before 1.0.2.50, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Incorrect security settings in multiple NETGEAR routers and extenders could allow an attacker on an adjacent network to obtain sensitive information.
Vulnerability
The vulnerability is a security misconfiguration in the firmware of certain NETGEAR devices. This affects R7500v2 before 1.0.3.20, R7800 before 1.0.2.38, WN3000RPv3 before 1.0.2.50, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50 [1]. The specific configuration flaw is not publicly detailed, but it involves incorrect settings that expose the device or network to potential abuse.
Exploitation
An attacker must be on the same local network (adjacent) as the affected device and does not require authentication. The attack complexity is high (AC:H), implying that specific conditions or timing might be necessary. The attacker can exploit this misconfiguration to access sensitive information without any user interaction [1]. Exact exploitation steps are not disclosed in the references.
Impact
Successful exploitation leads to a compromise of confidentiality (C:H) — the attacker can obtain high-impact confidential information from the device or the network. Integrity and availability are not affected (I:N, A:N) [1]. The attacker achieves this with no privileges on the device and without user interaction.
Mitigation
NETGEAR released fixed firmware versions for all affected models: 1.0.3.20 for R7500v2, 1.0.2.38 for R7800, 1.0.2.50 for WN3000RPv3, 1.0.0.50 for WNDR4300v2, and 1.0.0.50 for WNDR4500v3 [1]. Users should update to the latest firmware from NETGEAR Support as soon as possible. No workarounds are provided for devices that cannot be patched. This vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
- NETGEAR/devices
- Range: <1.0.2.50
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (1)
News mentions
No linked articles in our index yet.