CVE-2021-45528
Description
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6300v2 before 1.0.4.52, R6400 before 1.0.1.52, R6900 before 1.0.2.8, R7000 before 1.0.9.88, R7900 before 1.0.3.18, R8000 before 1.0.4.46, R7900P before 1.4.1.50, R8000P before 1.4.1.50, RAX75 before 1.0.3.88, RAX80 before 1.0.3.88, and WNR3500Lv2 before 1.2.0.62.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A post-authentication buffer overflow in multiple NETGEAR routers allows authenticated users to cause denial of service or potentially execute arbitrary code.
Vulnerability
A post-authentication buffer overflow vulnerability exists in the firmware of multiple NETGEAR router models. The flaw is triggered when an authenticated user sends a specially crafted request to the device. Affected models include R6300v2 before 1.0.4.52, R6400 before 1.0.1.52, R6900 before 1.0.2.8, R7000 before 1.0.9.88, R7900 before 1.0.3.18, R8000 before 1.0.4.46, R7900P before 1.4.1.50, R8000P before 1.4.1.50, RAX75 before 1.0.3.88, RAX80 before 1.0.3.88, and WNR3500Lv2 before 1.2.0.62 [1].
Exploitation
An attacker must first obtain valid credentials for the router's administrative interface. Once authenticated, the attacker can send malicious input that overflows a buffer, potentially corrupting memory and leading to arbitrary code execution or a denial of service. The advisory does not detail the exact attack vector, but the vulnerability is reachable through the web-based management interface [1].
Impact
Successful exploitation could allow an authenticated attacker to crash the device or execute arbitrary code with root privileges, resulting in full compromise of the router. This could enable further attacks on the local network, such as traffic interception or lateral movement [1].
Mitigation
NETGEAR released fixed firmware versions on 2021-09-25 for all affected models. Users should upgrade to the latest firmware as listed in the advisory: R6300v2 to 1.0.4.52, R6400 to 1.0.1.52, R6900 to 1.0.2.8, R7000 to 1.0.9.88, R7900 to 1.0.3.18, R8000 to 1.0.4.46, R7900P to 1.4.1.50, R8000P to 1.4.1.50, RAX75 to 1.0.3.88, RAX80 to 1.0.3.88, and WNR3500Lv2 to 1.2.0.62. No workarounds are provided; updating firmware is the only recommended action [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <1.2.0.62