CVE-2022-44184

Vulnerability

Netgear R7000P router firmware version V1.3.0.8 contains a buffer overflow vulnerability in the /usr/sbin/httpd binary. The overflow occurs when processing the wan_dns1_sec parameter, which is part of the WAN DNS configuration. An attacker can trigger this by sending a specially crafted HTTP request with an overly long value for wan_dns1_sec. The vulnerability is present in the affected firmware version as described in the CVE description.

Exploitation

An attacker does not require authentication to exploit this vulnerability, as the wan_dns1_sec parameter is processed by the web server (httpd) which is exposed to the network. The attacker can send a crafted HTTP request to the router's management interface, providing a long string for the wan_dns1_sec parameter. This causes a buffer overflow in the httpd process, potentially overwriting adjacent memory.

Impact

Successful exploitation of this buffer overflow could lead to a denial of service (crash of the httpd process) or, depending on the memory layout, arbitrary code execution with the privileges of the httpd process. This could allow an attacker to gain control of the router, modify its configuration, or use it as a pivot point for further attacks on the internal network.

Mitigation

As of the publication date of this CVE (2022-11-22), no official fix or security advisory from NETGEAR has been identified in the available references [1]. Users are advised to monitor NETGEAR's security page for firmware updates. If the device is no longer supported, consider replacing it with a supported model.