CVE-2022-44190
Description
Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter enable_band_steering.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Netgear R7000P firmware V1.3.1.64 contains a buffer overflow in the enable_band_steering parameter, potentially allowing remote code execution.
Vulnerability
Netgear R7000P router firmware version V1.3.1.64 is vulnerable to a buffer overflow in the enable_band_steering parameter. The vulnerability exists in the web management interface, which processes user-supplied input without proper bounds checking. This allows an attacker to overflow a buffer by providing an excessively long value for the parameter.
Exploitation
An attacker with network access to the router's web interface can exploit this vulnerability by sending a crafted HTTP request containing a long string in the enable_band_steering parameter. No authentication is required if the interface is exposed, but typically the attacker would need to be on the local network or have credentials if the interface is protected. The overflow can be triggered by a single request.
Impact
Successful exploitation could lead to a denial of service (router crash) or potentially arbitrary code execution with the privileges of the web server process. This could allow an attacker to gain full control of the device, modify settings, or use it as a pivot point in the network.
Mitigation
As of the publication date (2022-11-22), no official firmware update has been released by NETGEAR to address this vulnerability. Users are advised to monitor NETGEAR's security advisory page [1] for future patches. In the meantime, restricting access to the web management interface to trusted networks and disabling remote management can reduce exposure.
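An added example, not taken from NETGEAR or from this CVE's references: a Python check that a proxy or IDS log pipeline in front of the management interface could run to flag requests carrying an oversized enable_band_steering value. The 16-character limit, the record layout and the placeholder path are assumptions; the page gives neither the buffer size nor the endpoint.

```python
# Added example: flag HTTP requests whose enable_band_steering value is oversized.
from urllib.parse import parse_qsl, urlsplit

PARAM = "enable_band_steering"  # parameter named in the CVE description
MAX_LEN = 16                    # assumption: a toggle value needs only a few characters


def oversized_values(method, target, body=""):
    """Return the length of every PARAM value longer than MAX_LEN in one request."""
    # parse_qsl percent-decodes, so %41-style padding is measured after decoding.
    fields = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    if method.upper() == "POST":
        fields += parse_qsl(body, keep_blank_values=True)
    return [len(v) for k, v in fields if k == PARAM and len(v) > MAX_LEN]


# Constructed sample traffic: (source IP, method, request target, body).
# The path is a placeholder, not the router's real endpoint.
SAMPLE = [
    ("192.0.2.10", "POST", "/placeholder.cgi", "enable_band_steering=1&apply=1"),
    ("192.0.2.66", "POST", "/placeholder.cgi", "enable_band_steering=" + "A" * 600),
    ("192.0.2.67", "GET", "/placeholder.cgi?enable_band_steering=" + "%41" * 300, ""),
    ("192.0.2.10", "GET", "/placeholder.cgi?other=" + "B" * 600, ""),
]


def scan(records):
    """Return (source, length) for each request carrying an oversized PARAM value."""
    alerts = []
    for src, method, target, body in records:
        for n in oversized_values(method, target, body):
            alerts.append((src, n))
    return alerts


if __name__ == "__main__":
    for src, n in scan(SAMPLE):
        print(f"ALERT {src}: {PARAM} is {n} characters (limit {MAX_LEN})")
```

The long value on an unrelated parameter in the last record is deliberately not flagged, so the rule stays specific to this CVE.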
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
Patches (0)
No patches discovered yet.
References (2)
News mentions (0)
No linked articles in our index yet.