CVE-2023-30280
Description
Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128, R6700 v.1.0.0.26 allows a remote attacker to execute arbitrary code and cause a denial of service via the getInputData parameter of the fwSchedule.cgi page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer overflow in Netgear R6900, R6700v3, and R6700 firmware allows remote attackers to execute arbitrary code or cause denial of service via the getInputData parameter in fwSchedule.cgi.
Vulnerability
A buffer overflow vulnerability exists in the getInputData parameter of the fwSchedule.cgi page on Netgear R6900 firmware v1.0.2.26, R6700v3 firmware v1.0.4.128, and R6700 firmware v1.0.0.26 [1]. The vulnerability allows a remote attacker to cause a buffer overflow by sending a crafted request to this CGI endpoint without requiring authentication.
Exploitation
An attacker does not need any prior authentication to exploit this vulnerability. The attack is conducted remotely by sending a specially crafted HTTP request to the vulnerable router's fwSchedule.cgi endpoint with an overly long getInputData parameter. The improper bounds checking on this input leads to a buffer overflow condition on the stack.
Impact
Successful exploitation of this buffer overflow allows a remote attacker to execute arbitrary code on the router in the context of the web server or cause a denial of service (DoS) [1]. This can lead to complete compromise of the device, including potential further attacks on the local network.
Mitigation
As of the publication date (2023-04-26), Netgear has not yet released a firmware update to address this vulnerability [1]. Users of affected Netgear models should monitor Netgear's security advisory page for future patches. No known workarounds are reported. The affected products may be past their end-of-life support; users should consider upgrading to a supported model.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.