PT-2021-4633 · NetGear · Netgear R6700 +29
Published: 2021-10-28 · Updated: 2025-08-14
CVE-2021-34983
8.3 High
Base vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
NETGEAR R6400 versions R6400 through R6400v2
NETGEAR R6700 versions R6700v3
NETGEAR R6900P
NETGEAR R7000 versions R7000 through R7000P
NETGEAR R7850
NETGEAR R7900P
NETGEAR R7960P
NETGEAR R8000 versions R8000 through R8000P
NETGEAR RAX15
NETGEAR RAX20
NETGEAR RAX200
NETGEAR RAX35 version RAX35v2
NETGEAR RAX38 version RAX38v2
NETGEAR RAX40 version RAX40v2
NETGEAR RAX42
NETGEAR RAX43
NETGEAR RAX45
NETGEAR RAX48
NETGEAR RAX50 versions RAX50 through RAX50S
NETGEAR RAX75
NETGEAR RAX80
NETGEAR RAXE450
NETGEAR RAXE500
NETGEAR RS400
NETGEAR WNDR3400 version WNDR3400v3
NETGEAR WNR3500L version WNR3500Lv2
NETGEAR D6220
NETGEAR D6400
NETGEAR EX6120
NETGEAR EX6130
NETGEAR EX7500
Description:
The issue is related to a buffer copy without checking the size of the input data in the httpd service of the NETGEAR router's firmware. This can be exploited by a remote attacker to execute arbitrary code. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to system configuration information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.
Recommendations:
For NETGEAR R6400 versions R6400 through R6400v2, update the firmware to a version that addresses the missing authentication issue in the httpd service.
For NETGEAR R6700 versions R6700v3, update the firmware to a version that addresses the missing authentication issue in the httpd service.
For NETGEAR R6900P, update the firmware to a version that addresses the missing authentication issue in the httpd service.
For NETGEAR R7000 versions R7000 through R7000P, update the firmware to a version that addresses the missing authentication issue in the httpd service.
For NETGEAR R7850, update the firmware to a version that addresses the missing authentication issue in the httpd service.
For NETGEAR R7900P, update the firmware to a version that addresses the missing authentication issue in the httpd service.
For NETGEAR R7960P, update the firmware to a version that addresses the missing authentication issue in the httpd service.
For NETGEAR R8000 versions R8000 through R8000P, update the firmware to a version that addresses the missing authentication issue in the httpd service.
For NETGEAR RAX15, update the firmware to a version that addresses the missing authentication issue in the httpd service.
For NETGEAR RAX20, update the firmware to a version that addresses the missing authentication issue in the httpd service.
For NETGEAR RAX200, update the firmware to a version that addresses the missing authentication issue in the httpd service.
For NETGEAR RAX35 version RAX35v2, update the firmware to a version that addresses the missing authentication issue in the httpd service.
For NETGEAR RAX38 version RAX38v2, update the firmware to a version that addresses the missing authentication issue in the httpd service.
For NETGEAR RAX40 version RAX40v2, update the firmware to a version that addresses the missing authentication issue in the httpd service.
For NETGEAR RAX42, update the firmware to a version that addresses the missing authentication issue in the httpd service.
For NETGEAR RAX43, update the firmware to a version that addresses the missing authentication issue in the httpd service.
For NETGEAR RAX45, update the firmware to a version that addresses the missing authentication issue in the httpd service.
For NETGEAR RAX48, update the firmware to a version that addresses the missing authentication issue in the httpd service.
For NETGEAR RAX50 versions RAX50 through RAX50S, update the firmware to a version that addresses the missing authentication issue in the httpd service.
For NETGEAR RAX75, update the firmware to a version that addresses the missing authentication issue in the httpd service.
For NETGEAR RAX80, update the firmware to a version that addresses the missing authentication issue in the httpd service.
For NETGEAR RAXE450, update the firmware to a version that addresses the missing authentication issue in the httpd service.
For NETGEAR RAXE500, update the firmware to a version that addresses the missing authentication issue in the httpd service.
For NETGEAR RS400, update the firmware to a version that addresses the missing authentication issue in the httpd service.
For NETGEAR WNDR3400 version WNDR3400v3, update the firmware to a version that addresses the missing authentication issue in the httpd service.
For NETGEAR WNR3500L version WNR3500Lv2, update the firmware to a version that addresses the missing authentication issue in the httpd service.
For NETGEAR D6220, update the firmware to a version that addresses the missing authentication issue in the httpd service.
For NETGEAR D6400, update the firmware to a version that addresses the missing authentication issue in the httpd service.
For NETGEAR EX6120, update the firmware to a version that addresses the missing authentication issue in the httpd service.
For NETGEAR EX6130, update the firmware to a version that addresses the missing authentication issue in the httpd service.
For NETGEAR EX7500, update the firmware to a version that addresses the missing authentication issue in the httpd service.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Missing Authentication
Buffer Overflow
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-34983 · Security Note
- https://bdu.fstec.ru/vul/2021-05322 · Security Note
- https://zerodayinitiative.com/advisories/ZDI-21-1275 · Security Note
- https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159 · Vendor Advisory
- https://zerodayinitiative.com/advisories/ZDI-21-1274 · Note
- https://twitter.com/CVEnew/status/1788295940379648002 · Twitter Post
- https://t.me/cveNotify/132190 · Telegram Post