An unpatched vulnerability in the web server of device firmware gives attackers root privileges, researchers said. The flaw, a memory-safety issue present in the firmware's httpd web server, allows attackers to bypass authentication on affected installations of Netgear routers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. The vulnerability affects 79 different Netgear devices and 758 firmware images.
Source: https://threatpost.com/netgear-zero-day-takeover-routers/156744/
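
The missing check described above, shown as an added example (not Netgear's code and not from the article): a request field is copied into a fixed-length stack buffer only after its length has been validated. The names `FIELD_MAX`, `copy_field`, `handle_field` and `status_for_length`, and the 64-byte buffer size, are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define FIELD_MAX 64   /* assumed size of the fixed-length stack buffer */

/* Copy a length-delimited field into dst only if it fits together with the
 * terminating NUL. Returns 0 on success, -1 if the field is too long or
 * contains an embedded NUL byte. */
static int copy_field(char *dst, size_t dst_size,
                      const char *src, size_t src_len)
{
    if (dst_size == 0 || src_len >= dst_size)
        return -1;                       /* reject instead of truncating */
    if (memchr(src, '\0', src_len) != NULL)
        return -1;                       /* embedded NUL would hide trailing data */
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return 0;
}

/* Hypothetical handler: returns an HTTP status code for one request field.
 * The unsafe pattern the article describes is the equivalent of
 *     char value[FIELD_MAX]; strcpy(value, field);
 * where nothing checks how long the user-supplied field is. */
int handle_field(const char *field, size_t field_len)
{
    char value[FIELD_MAX];

    if (copy_field(value, sizeof value, field, field_len) != 0)
        return 400;                      /* oversized or malformed: refuse */
    /* value is now a bounded, NUL-terminated string and safe to use */
    return 200;
}

/* Feed a constructed field of n 'A' bytes through the handler. */
int status_for_length(size_t n)
{
    static char sample[4096];            /* constructed test input */
    if (n > sizeof sample)
        return -1;
    memset(sample, 'A', n);
    return handle_field(sample, n);
}

int main(void)
{
    /* 63 bytes fit beside the NUL; 64 and above are rejected. */
    return (status_for_length(63) == 200 && status_for_length(64) == 400) ? 0 : 1;
}
```

The check compares against the destination size rather than truncating, so an oversized field is refused outright.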

