CVE-2022-44194

Vulnerability

A buffer overflow vulnerability exists in the Netgear R7000P router firmware version V1.3.0.8. The flaw is triggered by crafting excessively long inputs to the parameters apmode_dns1_pri and apmode_dns1_sec [1]. The vulnerability resides in the code that handles DNS configuration when the router is operating in access point (AP) mode. No authentication or special configuration is required to reach the affected code path; the parameters are processed during normal AP mode setup.

Exploitation

An attacker can exploit this vulnerability from the local network by sending a specially crafted HTTP request to the router's administration interface. The attacker does not need to be authenticated, as the vulnerable parameters are parsed before authentication checks. The exploitation involves providing an overly long string in either the apmode_dns1_pri or apmode_dns1_sec field, which overflows the buffer on the stack. No user interaction on the target device is required beyond the router processing the malicious request.

Impact

Successful exploitation allows an attacker to achieve code execution on the router at the privilege level of the affected service. This can lead to full compromise of the device, including the ability to intercept network traffic, modify DNS settings, or use the router as a pivot point for further attacks on the local network. The impact is limited by the network position requirement; the attacker must be able to send HTTP requests to the router's management interface.

Mitigation

Netgear has not released a firmware update that patches CVE-2022-44194 as of the publication date [1]. Users are advised to monitor Netgear's security advisory page for a firmware release. Until a fix is available, mitigating actions include disabling remote management and ensuring the router's management interface is only accessible from trusted local networks. The product may be nearing or past its end-of-life (EOL) support window, so upgrading to a supported model is recommended [1].