| 1 | + | ## TL;DR |
| 2 | + | |
| 3 | + | A vulnerability in NETGEAR AFPD, Apple Filing Protocol daemon, process allows LAN side attackers to cause the product to overflow a buffer due to a pre-auth vulnerability. |
| 4 | + | |
| 5 | + | ## Vulnerability Summary |
| 6 | + | |
| 7 | + | A heap-buffer overflow in afpdʼs dsi_writeinit is leveraged to overwrite the proto_close function pointer in the DSI struct, and execute arbitrary code on the NETGEAR R7800 Smart Router, in the default configuration, on the LAN side, pre-auth. |
| 8 | + | |
| 9 | + | ### Credit |
| 10 | + | |
| 11 | + | An independent security researcher has reported this to the SSD Secure Disclosure program. |
| 12 | + | |
| 13 | + | ## Affected Versions |
| 14 | + | |
| 15 | + | NETGEAR R7800 (V1.0.2.90) |