CVE-2021-45611

Vulnerability

A buffer overflow vulnerability exists in multiple NETGEAR router models, including the DC112A, R6400, RAX200, WNDR3400v3, XR300, R8500, RAX75, R8300, and RAX80. The flaw is triggered before authentication and affects firmware versions prior to the specific releases listed in the advisory: DC112A before 1.0.0.52, R6400 before 1.0.1.68, RAX200 before 1.0.3.106, WNDR3400v3 before 1.0.1.38, XR300 before 1.0.3.68, R8500 before 1.0.2.144, RAX75 before 1.0.3.106, R8300 before 1.0.2.144, and RAX80 before 1.0.3.106 [1].

Exploitation

An unauthenticated attacker can exploit this buffer overflow by sending a specially crafted network request to the affected device. No prior authentication or user interaction is required, meaning the attack vector is remote and can be performed by anyone with network access to the vulnerable router [1].

Impact

Successful exploitation results in a buffer overflow, which a remote attacker can use to execute arbitrary code on the device. This could lead to full compromise of the router, including the ability to modify settings, intercept or redirect network traffic, and use the device as a foothold for further attacks [1].

Mitigation

NETGEAR has released fixed firmware versions for all affected models. Users should update to at least DC112A 1.0.0.52, R6400 1.0.1.68, RAX200 1.0.3.106, WNDR3400v3 1.0.1.38, XR300 1.0.3.68, R8500 1.0.2.144, RAX75 1.0.3.106, R8300 1.0.2.144, and RAX80 1.0.3.106. The advisory strongly recommends downloading the latest firmware from the NETGEAR Support website [1].