CVE-2019-20647

Vulnerability

A denial of service vulnerability exists in NETGEAR RAX40 routers running firmware versions prior to 1.0.3.64. The specific nature of the flaw is not publicly detailed, but it affects the device's ability to process certain network traffic, leading to a crash or hang. Affected models include RAX40 with firmware before 1.0.3.64 [1].

Exploitation

An attacker must be on the same adjacent network as the target device and have low-privileged access (e.g., guest credentials). No user interaction is required. The attack vector is low complexity, and the exploit sequence likely involves sending crafted packets to the router, causing it to become unresponsive [1].

Impact

Successful exploitation results in a denial of service, making the router unavailable for legitimate network traffic. The impact is limited to availability, with no effect on confidentiality or integrity. The scope is changed, meaning the vulnerable component is different from the impacted system (the router's network services) [1].

Mitigation

NETGEAR has released firmware version 1.0.3.64 to address this vulnerability. Users are strongly advised to upgrade to this version or later via the NETGEAR support page. No workarounds are available [1].