Unrated severity · NVD Advisory · Published Apr 15, 2020 · Updated Aug 5, 2024

CVE-2019-20680

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7000v2 before 1.0.0.53, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.60, R7000P before 1.3.1.64, R7800 before 1.0.2.60, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.46, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, R8900 before 1.0.4.12, R9000 before 1.0.4.12, and XR500 before 2.3.2.32.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authenticated command injection in multiple NETGEAR routers and gateways allows attackers to execute arbitrary commands.

Vulnerability

A command injection vulnerability exists in the web-based management interface of multiple NETGEAR routers and gateways. An authenticated user can inject arbitrary commands through a vulnerable input field. Affected models include D7000v2 (before 1.0.0.53), R6220 (before 1.1.0.80), R6260 (before 1.1.0.64), R6700 (before 1.0.2.6), R6700v2 (before 1.2.0.36), R6800 (before 1.2.0.36), R6900 (before 1.0.2.4), R6900P (before 1.3.1.64), R6900v2 (before 1.2.0.36), R7000 (before 1.0.9.60), R7000P (before 1.3.1.64), R7800 (before 1.0.2.60), R7900 (before 1.0.3.8), R7900P (before 1.4.1.30), R8000 (before 1.0.4.46), R8000P (before 1.4.1.30), R8300 (before 1.0.2.128), R8500 (before 1.0.2.128), R8900 (before 1.0.4.12), R9000 (before 1.0.4.12), and XR500 (before 2.3.2.32) [1].

Exploitation

An attacker must first authenticate to the device's web interface with valid administrative credentials. By sending specially crafted HTTP requests containing command injection payloads to vulnerable endpoints, the attacker can execute arbitrary operating system commands on the device [1].

Impact

Successful exploitation allows the attacker to execute arbitrary commands with root privileges on the affected device. This can lead to full compromise of the router, including data exfiltration, modification of configuration, and use as a pivot for further network attacks [1].

Mitigation

NETGEAR has released firmware updates for all affected devices. Users should upgrade to the latest firmware version for their specific model as listed in the security advisory [1]. No workaround is available; patching is the only mitigation.
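To act on the upgrade guidance, the following added example (not part of the advisory or any NETGEAR tooling) audits a device inventory against the fixed versions listed in the description. The `host,model,firmware` inventory format, the sample hostnames and the `V…_…` firmware string form are assumptions.

```python
import re

# Model -> first fixed firmware version, copied from the CVE description above.
FIXED = {
    "D7000v2": "1.0.0.53", "R6220": "1.1.0.80", "R6260": "1.1.0.64",
    "R6700": "1.0.2.6", "R6700v2": "1.2.0.36", "R6800": "1.2.0.36",
    "R6900": "1.0.2.4", "R6900P": "1.3.1.64", "R6900v2": "1.2.0.36",
    "R7000": "1.0.9.60", "R7000P": "1.3.1.64", "R7800": "1.0.2.60",
    "R7900": "1.0.3.8", "R7900P": "1.4.1.30", "R8000": "1.0.4.46",
    "R8000P": "1.4.1.30", "R8300": "1.0.2.128", "R8500": "1.0.2.128",
    "R8900": "1.0.4.12", "R9000": "1.0.4.12", "XR500": "2.3.2.32",
}
_BY_KEY = {m.lower(): m for m in FIXED}  # case-insensitive, exact-model lookup


def parse_version(text):
    """Leading dotted-numeric part as ints; "V1.0.9.42_10.2.44" -> (1, 0, 9, 42).
    The V prefix and _suffix form is an assumption about how firmware is reported."""
    m = re.match(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def status(model, firmware):
    """Classify one device as 'vulnerable', 'fixed' or 'not-listed'."""
    canonical = _BY_KEY.get(model.strip().lower())
    if canonical is None:
        return "not-listed"  # model is not named in this CVE
    # Tuples compare numerically per component, so 1.0.2.60 < 1.0.2.128.
    fixed_in = parse_version(FIXED[canonical])
    return "vulnerable" if parse_version(firmware) < fixed_in else "fixed"


def audit(inventory):
    """Map hostname -> status for 'host,model,firmware' lines."""
    rows = (line.split(",") for line in inventory.strip().splitlines())
    return {h.strip(): status(model, fw) for h, model, fw in rows}


# Constructed sample inventory: hostnames and installed versions are made up.
SAMPLE = """gw-lobby,R7000,V1.0.9.42_10.2.44
gw-lab,R8500,1.0.2.60
gw-office,r6700V2,1.2.0.36
gw-guest,R6400,1.0.1.20"""

if __name__ == "__main__":
    for host, result in audit(SAMPLE).items():
        print(host, result)
```

A plain string comparison would rank `1.0.2.60` above `1.0.2.128` and report the R8500 in the sample as fixed, which is why the versions are compared as integer tuples.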

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
