CVE-2022-48196

Vulnerability

A pre-authentication buffer overflow vulnerability exists in multiple NETGEAR router models, including the RAX40, RAX35, R6400v2, R6700v3, R6900P, R7000P, R7000, R7960P, and R8000P. The flaw is present in firmware versions before 1.0.2.60 (RAX40, RAX35), 1.0.4.122 (R6400v2, R6700v3), 1.3.3.152 (R6900P, R7000P), 1.0.11.136 (R7000), and 1.4.4.94 (R7960P, R8000P). An attacker can trigger the overflow without authentication, and the component affected has not been publicly disclosed [1][2].

Exploitation

An unauthenticated attacker can exploit this vulnerability with low complexity, requiring no user interaction or permissions. The attacker needs network access to the affected router to send crafted packets, which cause a buffer overflow on the device [1][2]. The specific sequence of steps has not been detailed by NETGEAR, but typical exploitation involves sending a specially crafted request to a vulnerable service listening on the router.

Impact

Successful exploitation can lead to a denial of service (device crash) or arbitrary code execution at the router's privilege level, depending on the attacker's payload [2]. This could allow an attacker to gain full control of the device, potentially enabling further attacks on the local network.

Mitigation

NETGEAR has released fixed firmware versions for all affected models: RAX40 and RAX35 to version 1.0.2.60, R6400v2 and R6700v3 to version 1.0.4.122, R6900P and R7000P to version 1.3.3.152, R7000 to version 1.0.11.136, and R7960P and R8000P to version 1.4.4.94. Users are strongly advised to update their routers to the latest firmware as soon as possible [1][2]. No other workarounds have been published, and this vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date.