
Gregory Vishnipolsky

Researcher from Armis
#42018 of 53,633
6.5 Total CVSS
Vulnerabilities · 1
PT-2020-16904
6.5
2020-11-01
NetGear · Netgear Nighthawk R7000 · CVE-2020-28041
**Name of the Vulnerable Software and Affected Versions**

NETGEAR Nighthawk R7000 version 1.0.9.64 10.2.64

**Description**

The issue allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim visits an attacker-controlled web site with a modern browser. This is due to the SIP ALG implementation taking action based on an IP packet with an initial `REGISTER` substring in the TCP data and the correct intranet IP address in the subsequent `Via` header, without properly considering connection progress and fragmentation.

**Recommendations**

For NETGEAR Nighthawk R7000 version 1.0.9.64 10.2.64, consider disabling the SIP ALG feature as a temporary workaround until a patch is available. Restrict access to the SIP ALG module to minimize the risk of exploitation. Avoid using the `REGISTER` substring in the TCP data and the `Via` header in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.