Severity Rating: HIGH
Software Affected
· AC1450, D6220, D6300, D6400, D7000v2, D8500, DC112A, DGN2200,
DGN2200v4, DGN2200M, DGND3700, EX3700, EX3800, EX3920,
EX6000, EX6100, EX6120, EX6130, EX6150, EX6200, EX6920, EX7000
· LG2200D, MBM621, MBR624GU, MBR1200, MBR1515, MBR1516, MBRN3000,
MVBR1210C
· R4500, R6200, R6200v2, R6250, R6300, R6300v2, R6400, R6400v2,
R6700, R6700v3, R6900, R6900P, R7000
· R7000P, R7100LG, R7300, R7850, R7900, R8000, R8300, R8500, RS400
· WGR614v8, WGR614v9, WGR614v10, WGT624v4, WN2500RP, WN2500RPv2,
WN3000RP, WN3100RP, WN3500RP, WNCE3001, WNDR3300, WNDR3300v2, WNDR3400,
WNDR3400v2, WNDR3400v3
· WNDR3700v3, WNDR4000, WNDR4500, WNDR4500v2, WNR834Bv2,
WNR1000v3, WNR2000v2, WNR3500, WNR3500v2, WNR3500L, WNR3500Lv2, XR300.
Overview
A remote code execution vulnerability has been reported in NETGEAR routers
which could allow a remote attacker to bypass authentication, gain
control, obtain root privileges, and attack internal computers over
the LAN.
Description
This vulnerability exists in the httpd service, which listens on port 80 by
default, due to a lack of proper validation of the length of user-supplied
data prior to copying it to a fixed-length, stack-based buffer. It allows
an attacker to craft a special string that executes code on the router
without authentication.
Successful exploitation of this vulnerability could allow the attacker
to execute code in the context of root, configure port forwarding, and
attack internal computers over the LAN.
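The length validation the description says is missing, shown as an added C example (not NETGEAR's code and not part of the advisory). The handler, the `Host` header and the 64-byte buffer are assumptions chosen for illustration, since the advisory does not name the affected field.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

#define HOST_MAX 64   /* assumed size of the fixed stack buffer */
enum { FIELD_OK = 0, FIELD_MISSING = -1, FIELD_TOO_LONG = -2 };

/* Copy the value of header `name` from req[0..req_len) into out, but only
 * if it fits in out_size bytes including the terminating NUL. */
int copy_header_checked(const char *req, size_t req_len, const char *name,
                        char *out, size_t out_size)
{
    size_t name_len = strlen(name), pos = 0;
    if (out_size == 0) return FIELD_TOO_LONG;
    out[0] = '\0';
    while (pos < req_len) {
        const char *line = req + pos;
        const char *eol = memchr(line, '\n', req_len - pos);
        size_t line_len = eol ? (size_t)(eol - line) : req_len - pos;
        pos += line_len + (eol ? 1 : 0);          /* advance to next line */
        if (line_len > 0 && line[line_len - 1] == '\r') line_len--;
        if (line_len <= name_len || line[name_len] != ':' ||
            strncasecmp(line, name, name_len) != 0)
            continue;                             /* not the header we want */
        const char *val = line + name_len + 1;
        size_t val_len = line_len - name_len - 1;
        while (val_len > 0 && (*val == ' ' || *val == '\t')) { val++; val_len--; }
        /* Validate the length BEFORE copying. The unsafe equivalent is an
         * unbounded strcpy()/sprintf() of the value into out. */
        if (val_len >= out_size) return FIELD_TOO_LONG;
        memcpy(out, val, val_len);
        out[val_len] = '\0';
        return FIELD_OK;
    }
    return FIELD_MISSING;
}

/* Hypothetical handler: returns the HTTP status the server would send. */
int handle_request(const char *req, size_t req_len)
{
    char host[HOST_MAX];   /* fixed-length, stack-based buffer */
    switch (copy_header_checked(req, req_len, "Host", host, sizeof host)) {
    case FIELD_OK:       return 200;
    case FIELD_TOO_LONG: return 431;  /* Request Header Fields Too Large */
    default:             return 400;
    }
}
```

An oversized value is rejected with an error status instead of being truncated or copied, so the request never reaches code that assumes the buffer holds a complete value.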
Solution
Apply the appropriate patches or workarounds as mentioned by NETGEAR.
Vendor Information
NETGEAR
ties-on-Some-Routers-Mobile-Routers-Modems-Gateways-and-Extenders
References
ZDI
GRIMM Blog
Threat Post
Bleeping Computers
k-full-takeover-due-to-unpatched-bug/