Enable build support by adding .buildspec.yml
README.md | Loading last commit info... | |
exploit.py |
README.md
TL;DR
A vulnerability in NETGEAR AFPD, Apple Filing Protocol daemon, process allows LAN side attackers to cause the product to overflow a buffer due to a pre-auth vulnerability.
Vulnerability Summary
A heap-buffer overflow in afpdʼs dsi_writeinit is leveraged to overwrite the proto_close function pointer in the DSI struct, and execute arbitrary code on the NETGEAR R7800 Smart Router, in the default configuration, on the LAN side, pre-auth.
Credit
An independent security researcher has reported this to the SSD Secure Disclosure program.
Affected Versions
NETGEAR R7800 (V1.0.2.90)