🤬
Enable build support by adding .buildspec.yml
README.md Loading last commit info...
exploit.py
README.md

TL;DR

A vulnerability in NETGEAR AFPD, Apple Filing Protocol daemon, process allows LAN side attackers to cause the product to overflow a buffer due to a pre-auth vulnerability.

Vulnerability Summary

A heap-buffer overflow in afpdʼs dsi_writeinit is leveraged to overwrite the proto_close function pointer in the DSI struct, and execute arbitrary code on the NETGEAR R7800 Smart Router, in the default configuration, on the LAN side, pre-auth.

Credit

An independent security researcher has reported this to the SSD Secure Disclosure program.

Affected Versions

NETGEAR R7800 (V1.0.2.90)

Please wait...
Page is in error, reload to recover