D4Rkn3Ss

**Name of the Vulnerable Software and Affected Versions** NETGEAR R6260 version 1.1.0.78 1.0.1 NETGEAR AC2100, AC2400, AC2600, D7000, R6020, R6080, R6120, R6220, R6230, R6350, R6330, R6700v2, R6800, R6850, R6900v2, R7200, R7350, R7400, R7450, WAC124 (affected versions not specified) **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR routers. Authentication is not required to exploit this issue. The specific flaw exists within the setupwizard.cgi page. A crafted SOAP request can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this issue to execute code in the context of root. **Recommendations** For NETGEAR R6260 version 1.1.0.78 1.0.1, consider disabling access to the setupwizard.cgi page until a patch is available. For NETGEAR AC2100, AC2400, AC2600, D7000, R6020, R6080, R6120, R6220, R6230, R6350, R6330, R6700v2, R6800, R6850, R6900v2, R7200, R7350, R7400, R7450, WAC124, restrict access to the setupwizard.cgi page to minimize the risk of exploitation. As a temporary workaround, consider blocking crafted SOAP requests to the setupwizard.cgi page until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** NETGEAR R6260 version 1.1.0.78 1.0.1 NETGEAR AC2100, AC2400, AC2600, R6020, R6080, R6120, R6330, R6350, R6700v2, R6800, R6850, R6900v2, R7200, R7350, R7400, R7450 (affected versions not specified) **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR routers. Authentication is not required to exploit this issue. The specific flaw exists within the handling of SOAP requests, specifically when parsing the `SOAPAction` header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this issue to execute code in the context of root. **Recommendations** For NETGEAR R6260 version 1.1.0.78 1.0.1, consider disabling the `mini httpd` service until a patch is available. For NETGEAR AC2100, AC2400, AC2600, R6020, R6080, R6120, R6330, R6350, R6700v2, R6800, R6850, R6900v2, R7200, R7350, R7400, R7450, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** NETGEAR R6700 version 1.0.4.84 10.0.58 **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the handling of string table file uploads, specifically due to the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this issue to execute code in the context of the web server. **Recommendations** For NETGEAR R6700 version 1.0.4.84 10.0.58, as a temporary workaround, consider restricting access to the string table file upload functionality until a patch is available. Avoid using user-supplied strings as format specifiers in the `strtblupgrade` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** NETGEAR R6700 version 1.0.4.84 10.0.58 **Description** This issue allows network-adjacent attackers to bypass authentication on affected installations. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this to execute code in the context of root. **Recommendations** For NETGEAR R6700 version 1.0.4.84 10.0.58, consider restricting access to the httpd service until a patch is available. As a temporary workaround, limiting the input data length to prevent buffer overflow may help mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NETGEAR R6700 version 1.0.4.84 10.0.58 **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers. Authentication is not required to exploit this issue. The specific flaw exists within the handling of string table file uploads, resulting from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this issue to execute code in the context of the web server. **Recommendations** For NETGEAR R6700 version 1.0.4.84 10.0.58, as a temporary workaround, consider restricting access to the string table file upload functionality until a patch is available. Additionally, restrict access to the web server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** NETGEAR R6700 version 1.0.4.84 10.0.58 **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the handling of string table file uploads, specifically with a crafted `gui region` in a string table file, which can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this to execute code in the context of the web server. **Recommendations** For NETGEAR R6700 version 1.0.4.84 10.0.58, consider restricting access to the string table file upload functionality until a patch is available. As a temporary workaround, avoid using crafted `gui region` values in string table files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** NETGEAR R6700 version 1.0.4.84 10.0.58 **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers. Authentication is not required to exploit this issue. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this issue to execute code in the context of the admin user. **Recommendations** For NETGEAR R6700 version 1.0.4.84 10.0.58, consider disabling the string table file upload functionality until a patch is available to prevent exploitation. Restrict access to the admin user context to minimize the risk of code execution. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** NETGEAR R6700 version 1.0.4.84 10.0.58 **Description** This issue allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6700 routers. Authentication is not required to exploit this issue. The specific flaw exists within the handling of URLs, resulting from the lack of proper routing of URLs. An attacker can leverage this issue to disclose stored credentials, leading to further compromise. **Recommendations** For version 1.0.4.84 10.0.58, consider restricting access to the router until a patch is available. As a temporary workaround, avoid using sensitive information on the affected router installations. At the moment, there is no information about a newer version that contains a fix for this issue.