VYPR
Unrated severity · NVD Advisory · Published Nov 22, 2022 · Updated Apr 29, 2025

CVE-2022-44193

Description

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameters: starthour, startminute, endhour, and endminute.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A buffer overflow in Netgear R7000P firmware V1.3.1.64 via the `starthour`, `startminute`, `endhour`, and `endminute` HTTP parameters allows remote code execution.

Vulnerability

A buffer overflow vulnerability exists in the /usr/sbin/httpd binary of Netgear R7000P router firmware V1.3.1.64 [1]. The flaw is triggered via the HTTP parameters starthour, startminute, endhour, and endminute [1]. No authentication is required to reach the vulnerable code path, making the attack surface accessible from the local network.

Exploitation

An unauthenticated attacker with network access to the router's web interface can send a specially crafted HTTP request containing overly long strings in the starthour, startminute, endhour, and endminute parameters [1]. This overflows a fixed-size buffer in the httpd binary, corrupting adjacent memory. No user interaction is required beyond the attacker sending the malicious request.
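The defensive counterpart to the overflow described above, as an added example that is not Netgear's code: each of the four parameters is length-checked and range-checked before use, and any formatting into a fixed-size buffer is bounded. The function names, the `schedule` struct, the two-digit limit and the 0-23 / 0-59 ranges are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 2 /* assumption: each value is at most two decimal digits */
struct schedule { int start_h, start_m, end_h, end_m; };

/* Validate one field in place: length and charset are checked while
 * scanning, so an over-long value is rejected without ever being copied. */
static int parse_field(const char *val, int max, int *out)
{
    size_t len = 0;
    int n = 0;
    if (val == NULL) return -1;
    for (; val[len] != '\0'; len++) {
        if (len == FIELD_MAX || val[len] < '0' || val[len] > '9') return -1;
        n = n * 10 + (val[len] - '0');
    }
    if (len == 0 || n > max) return -1;
    *out = n;
    return 0;
}

/* Returns 0 and fills *s only if all four parameters are valid. */
int parse_schedule(const char *sh, const char *sm,
                   const char *eh, const char *em, struct schedule *s)
{
    struct schedule t;
    if (parse_field(sh, 23, &t.start_h) || parse_field(sm, 59, &t.start_m) ||
        parse_field(eh, 23, &t.end_h) || parse_field(em, 59, &t.end_m))
        return -1;
    *s = t;
    return 0;
}

/* Bounded formatting: reports truncation instead of writing past cap. */
int format_schedule(const struct schedule *s, char *buf, size_t cap)
{
    int n = snprintf(buf, cap, "%02d:%02d-%02d:%02d",
                     s->start_h, s->start_m, s->end_h, s->end_m);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

int main(void)
{
    struct schedule s;
    char buf[12]; /* "HH:MM-HH:MM" plus the terminating NUL */
    if (parse_schedule("08", "30", "17", "05", &s) == 0) /* constructed values */
        puts(format_schedule(&s, buf, sizeof buf) == 0 ? buf : "too long");
    return 0;
}
```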

Impact

Successful exploitation leads to arbitrary code execution in the context of the httpd process, which typically runs with root privileges on the router. This allows the attacker to fully compromise the device, enabling actions such as installing malware, exfiltrating data, pivoting to internal networks, or disrupting network services [1].

Mitigation

As of the publication date, Netgear's security advisory page [1] does not list a fixed firmware version for the R7000P. Users should monitor the Netgear security portal for an upcoming patch. If no update is released, the device may be considered end-of-life; replacing the router with a supported model is the recommended mitigation. No workarounds are publicly documented.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

2
