Buffer Overflow Vulnerability in Netgear R6900 Router

CVE-2024-12147

Currently unrated

Key Information

Vendor: Netgear
CVE Published: 4 December 2024

Summary

A serious security flaw has been identified in the Netgear R6900 router, specifically affecting version 1.0.1.26_1.0.20. The vulnerability lies within the HTTP Header Handler, particularly the upgrade_check.cgi functionality. An attacker can exploit this vulnerability by manipulating the Content-Length argument, leading to a buffer overflow condition. This allows for remote execution of arbitrary code, putting users at significant risk. The vulnerability has been publicly disclosed, and despite early notification, Netgear has not provided any response or patches to address the issue.

Timeline

  • Vulnerability published

Collectors

NVD Database