CVE-2023-38925

Vulnerability

A buffer overflow vulnerability exists in the password.cgi endpoint of Netgear DC112A (firmware version 1.0.0.64), EX6200 (firmware version 1.0.3.94), and R6300v2 (firmware version 1.0.4.8). The bug is triggered when the http_passwd parameter is set in NVRAM via password.cgi and subsequently used by the smb_pass command. A long string passed as the password can overflow a fixed-size buffer [1][2].

Exploitation

An authenticated attacker can set the http_passwd parameter to an overly long string, for example 'a' * 0x200, to trigger a buffer overflow. The attacker must have valid credentials to access the web interface; no special network position is required beyond local network access. The overflow occurs when the httpd process invokes smb_pass with the attacker-controlled password value [2].

Impact

Successful exploitation allows the attacker to achieve arbitrary command execution on the device, gaining full control of the system. The attacker can then install malware, exfiltrate data, or pivot to other devices on the network [2].

Mitigation

As of the publication date, Netgear has not released firmware updates for the affected models. Users are advised to check the vendor's security advisory page for future patches [1]. No workaround is documented; limiting remote access and using strong credentials may reduce exposure but does not fix the underlying vulnerability.