79 Netgear routers are vulnerable to an unpatched buffer overflow
Several Netgear routers are vulnerable to a zero-day that makes it possible to take over the routers. The vulnerability can only be exploited from the local network. From there, other devices can be accessed.
The vulnerability was discovered by security firm Grimm, which also immediately published a proof-of-concept, and at the same time by the Zero Day Initiative. Both companies have reported the vulnerability to Netgear, but no patch is available yet.
The vulnerability is in the routers' httpd daemon, which does not check user-supplied input. This makes it possible to cause a buffer overflow, which an attacker can use to execute commands on the router without authenticating.
The vulnerability can only be exploited from the LAN and not from outside. However, attackers can execute code on other devices on the network, or turn on port forwarding, for example.
According to one of the researchers, stack cookies should counteract that problem. “That happens in most software, but not with the Netgear R7000,” he writes. “Stack cookies are also barely used in the Netgear products with the same codebase.”
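Whether a binary pulled from a firmware image was built with stack cookies can be checked from its symbol tables, since GCC-style stack protection references `__stack_chk_fail` (and on some targets `__stack_chk_guard`). The following is an added example, not code from Grimm, the Zero Day Initiative or Netgear; the function names and the minimal sample ELF are constructed for illustration.

```python
import struct

SHT_SYMTAB, SHT_DYNSYM = 2, 11
CANARY_SYMBOLS = {b"__stack_chk_fail", b"__stack_chk_guard"}

def elf_symbols(elf: bytes) -> set:
    """Return every name in .symtab/.dynsym of a 32- or 64-bit ELF image."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = elf[4] == 2                       # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    e = "<" if elf[5] == 1 else ">"          # EI_DATA: 1 = little-endian
    shoff, = struct.unpack_from(e + ("Q" if is64 else "I"), elf, 0x28 if is64 else 0x20)
    shentsize, shnum = struct.unpack_from(e + "HH", elf, 0x3A if is64 else 0x2E)
    shfmt = e + ("IIQQQQIIQQ" if is64 else "10I")
    secs = [struct.unpack_from(shfmt, elf, shoff + i * shentsize) for i in range(shnum)]
    names = set()
    for _, typ, _, _, off, size, link, _, _, entsize in secs:
        if typ not in (SHT_SYMTAB, SHT_DYNSYM) or link >= len(secs):
            continue
        str_off, str_size = secs[link][4], secs[link][5]   # sh_link -> string table
        strtab = elf[str_off:str_off + str_size]
        entsize = entsize or (24 if is64 else 16)
        for pos in range(off, off + size, entsize):
            st_name, = struct.unpack_from(e + "I", elf, pos)  # first field in both classes
            names.add(strtab[st_name:].split(b"\0", 1)[0])
    return names

def has_stack_cookies(elf: bytes) -> bool:
    """True if the image references the stack-protector runtime symbols."""
    return bool(CANARY_SYMBOLS & elf_symbols(elf))

def build_sample_elf(symbols):
    """Constructed input: minimal ELF32 little-endian (ARM) image with .dynsym/.dynstr."""
    strtab = b"\0" + b"".join(s + b"\0" for s in symbols)
    symtab, pos = bytes(16), 1               # entry 0 is the mandatory null symbol
    for s in symbols:
        symtab += struct.pack("<IIIBBH", pos, 0, 0, 0x12, 0, 0)
        pos += len(s) + 1
    sym_off, str_off = 52, 52 + len(symtab)  # sections follow the 52-byte header
    shoff = str_off + len(strtab)
    hdr = b"\x7fELF\x01\x01\x01" + bytes(9) + struct.pack(
        "<HHIIIIIHHHHHH", 2, 40, 1, 0, 0, shoff, 0, 52, 0, 0, 40, 3, 0)
    shdrs = bytes(40)                        # null section header
    shdrs += struct.pack("<10I", 0, SHT_DYNSYM, 2, 0, sym_off, len(symtab), 2, 1, 4, 16)
    shdrs += struct.pack("<10I", 0, 3, 2, 0, str_off, len(strtab), 0, 0, 1, 0)
    return hdr + symtab + strtab + shdrs

if __name__ == "__main__":
    print(has_stack_cookies(build_sample_elf([b"strcpy", b"recv"])))
```

A stripped, statically linked binary carries no symbol names, so a negative result there is inconclusive; the check is meaningful for dynamically linked binaries.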
The vulnerability is present in 79 different Netgear routers, according to the researchers, although they have only tested the proof-of-concept on a few models and firmware versions. Both security companies informed Netgear in advance as part of responsible disclosure, but after Netgear asked for more time, the Zero Day Initiative decided to publish. Netgear itself has not yet responded.