Buffer Overflow vulnerability in Netgear- R61 router V1.0.1.28 allows a remote attacker to execute arbitrary code via the QUERY_STRING key value
An attacker can trigger a buffer overflow by providing a crafted QUERY_STRING key value in an HTTP request directed to the router. An excessive amount of data passed in this parameter causes a stack overflow in the cgiMain component, which enables overwriting memory areas and executing malicious code (RCE).
A remote attacker without any authentication can execute arbitrary code on the device, which in practice means complete takeover of the router, modification of its configuration, interception of network traffic, or use of the device as an entry point to the local network.
Apply patches available from the manufacturer according to the references. Until firmware is updated, it is recommended to restrict access to the router's management interface exclusively from trusted hosts and to disable remote access to the administrative panel.
Netgear R6100 with firmware version V1.0.1.28
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNetgear R6100
HWNetgearwszystkie wersjeNetgear R6100 Firmware
OSNetgear1.0.1.28
Related vulnerabilities
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL...
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D7800 b...
Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before...
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This aff...
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This aff...