| | 1 | + | ## TL;DR |
| | 2 | + | |
| | 3 | + | A vulnerability in NETGEAR AFPD, Apple Filing Protocol daemon, process allows LAN side attackers to cause the product to overflow a buffer due to a pre-auth vulnerability. |
| | 4 | + | |
| | 5 | + | ## Vulnerability Summary |
| | 6 | + | |
| | 7 | + | A heap-buffer overflow in afpdʼs dsi_writeinit is leveraged to overwrite the proto_close function pointer in the DSI struct, and execute arbitrary code on the NETGEAR R7800 Smart Router, in the default configuration, on the LAN side, pre-auth. |
| | 8 | + | |
| | 9 | + | ### Credit |
| | 10 | + | |
| | 11 | + | An independent security researcher has reported this to the SSD Secure Disclosure program. |
| | 12 | + | |
| | 13 | + | ## Affected Versions |
| | 14 | + | |
| | 15 | + | NETGEAR R7800 (V1.0.2.90) |
Charlie Root
committed
1 year ago
1 parent b60b23ff