Xarkes

**Name of the Vulnerable Software and Affected Versions** NETGEAR R6700v3 version 1.0.4.120 10.0.91 NETGEAR R6400v2 (affected versions not specified) NETGEAR R6900P (affected versions not specified) NETGEAR R7000 (affected versions not specified) NETGEAR R7000P (affected versions not specified) NETGEAR RS400 (affected versions not specified) NETGEAR CBR40 (affected versions not specified) **Description** This issue allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR routers. Authentication is not required to exploit this issue. The specific flaw exists within the downloading of files via HTTPS, resulting from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other issues to execute arbitrary code in the context of root. **Recommendations** For NETGEAR R6700v3 version 1.0.4.120 10.0.91, consider disabling the HTTPS file download feature until a patch is available. For NETGEAR R6400v2, NETGEAR R6900P, NETGEAR R7000, NETGEAR R7000P, NETGEAR RS400, and NETGEAR CBR40, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** NETGEAR R6400v2 (affected versions not specified) NETGEAR R6700v3 version 1.0.4.120 10.0.91 NETGEAR R6900P (affected versions not specified) NETGEAR R7000 (affected versions not specified) NETGEAR R7000P (affected versions not specified) NETGEAR RS400 (affected versions not specified) NETGEAR CBR40 (affected versions not specified) **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR routers. Although authentication is required to exploit this issue, the existing authentication mechanism can be bypassed. The specific flaw exists within the `circled` daemon. A crafted `circleinfo.txt` file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this issue to execute code in the context of `root`. **Recommendations** For NETGEAR R6400v2, restrict access to the `circled` daemon until a patch is available. For NETGEAR R6700v3 version 1.0.4.120 10.0.91, consider disabling the `circled` daemon as a temporary workaround. For NETGEAR R6900P, NETGEAR R7000, NETGEAR R7000P, NETGEAR RS400, and NETGEAR CBR40, at the moment, there is no information about a newer version that contains a fix for this issue.